detect: list-keywords cli shows integers with enums

Ticket: 7875
pull/13884/head
Philippe Antoine 2 months ago committed by Victor Julien
parent da486af881
commit 53d9569dfb

@ -124,6 +124,7 @@ exclude = [
"SIGMATCH_INFO_UINT32", "SIGMATCH_INFO_UINT32",
"SIGMATCH_INFO_UINT64", "SIGMATCH_INFO_UINT64",
"SIGMATCH_INFO_MULTI_UINT", "SIGMATCH_INFO_MULTI_UINT",
"SIGMATCH_INFO_ENUM_UINT",
"FtpCommand", "FtpCommand",
] ]

@ -135,6 +135,7 @@ pub const SIGMATCH_INFO_UINT16: u32 = 0x10000; // BIT_U32(16)
pub const SIGMATCH_INFO_UINT32: u32 = 0x20000; // BIT_U32(17) pub const SIGMATCH_INFO_UINT32: u32 = 0x20000; // BIT_U32(17)
pub const SIGMATCH_INFO_UINT64: u32 = 0x40000; // BIT_U32(18) pub const SIGMATCH_INFO_UINT64: u32 = 0x40000; // BIT_U32(18)
pub const SIGMATCH_INFO_MULTI_UINT: u32 = 0x80000; // BIT_U32(19) pub const SIGMATCH_INFO_MULTI_UINT: u32 = 0x80000; // BIT_U32(19)
pub const SIGMATCH_INFO_ENUM_UINT: u32 = 0x100000; // BIT_U32(20)
#[repr(u8)] #[repr(u8)]
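Review bot: The new `SIGMATCH_INFO_ENUM_UINT` constant carries only the `// BIT_U32(20)` trailer, so the Rust side does not say what the bit means or when a registration should set it. The value is copied by hand from the C define, and the flag is OR-ed in manually at each keyword registration in the other sections of this commit, so a short doc comment would help keep them in step: `/// keyword is a uint with an enumeration stringer (mirrors the C define; keep both in sync)`. Whether every flagged keyword's setup callback really parses enumeration strings is not visible in these hunks and is worth confirming against the parsers.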

@ -25,8 +25,8 @@ use crate::detect::uint::{
SCDetectU8Free, SCDetectU8Parse, SCDetectU8Free, SCDetectU8Parse,
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8,
}; };
use crate::direction::Direction; use crate::direction::Direction;
use std::ffi::CStr; use std::ffi::CStr;
@ -411,7 +411,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
AppLayerTxMatch: Some(dns_rcode_match), AppLayerTxMatch: Some(dns_rcode_match),
Setup: Some(dns_rcode_setup), Setup: Some(dns_rcode_setup),
Free: Some(dns_rcode_free), Free: Some(dns_rcode_free),
flags: SIGMATCH_INFO_UINT16, flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister( G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister(
@ -426,7 +426,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
AppLayerTxMatch: Some(dns_rrtype_match), AppLayerTxMatch: Some(dns_rrtype_match),
Setup: Some(dns_rrtype_setup), Setup: Some(dns_rrtype_setup),
Free: Some(dns_rrtype_free), Free: Some(dns_rrtype_free),
flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT, flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
}; };
G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister( G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister(

@ -36,8 +36,8 @@ use crate::detect::uint::{
SCDetectU8Match, SCDetectU8Parse, SCDetectU8Match, SCDetectU8Parse,
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
}; };
use suricata_sys::sys::{ use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
@ -1428,7 +1428,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
AppLayerTxMatch: Some(status_match), AppLayerTxMatch: Some(status_match),
Setup: Some(status_setup), Setup: Some(status_setup),
Free: Some(status_free), Free: Some(status_free),
flags: SIGMATCH_INFO_UINT32, flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister( G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
@ -1518,7 +1518,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
AppLayerTxMatch: Some(command_match), AppLayerTxMatch: Some(command_match),
Setup: Some(command_setup), Setup: Some(command_setup),
Free: Some(command_free), Free: Some(command_free),
flags: SIGMATCH_INFO_UINT16, flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister( G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister(

@ -24,7 +24,8 @@ use crate::detect::uint::{
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer, helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
}; };
use crate::ldap::types::*; use crate::ldap::types::*;
use ldap_parser::ldap::{LdapMessage, ProtocolOp}; use ldap_parser::ldap::{LdapMessage, ProtocolOp};
@ -519,7 +520,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
AppLayerTxMatch: Some(ldap_detect_request_operation_match), AppLayerTxMatch: Some(ldap_detect_request_operation_match),
Setup: Some(ldap_detect_request_operation_setup), Setup: Some(ldap_detect_request_operation_setup),
Free: Some(ldap_detect_request_free), Free: Some(ldap_detect_request_free),
flags: SIGMATCH_INFO_UINT8, flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister( G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@ -535,7 +536,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
AppLayerTxMatch: Some(ldap_detect_responses_operation_match), AppLayerTxMatch: Some(ldap_detect_responses_operation_match),
Setup: Some(ldap_detect_responses_operation_setup), Setup: Some(ldap_detect_responses_operation_setup),
Free: Some(ldap_detect_responses_free), Free: Some(ldap_detect_responses_free),
flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT, flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
}; };
G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister( G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@ -594,7 +595,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
AppLayerTxMatch: Some(ldap_detect_responses_result_code_match), AppLayerTxMatch: Some(ldap_detect_responses_result_code_match),
Setup: Some(ldap_detect_responses_result_code_setup), Setup: Some(ldap_detect_responses_result_code_setup),
Free: Some(ldap_detect_responses_result_code_free), Free: Some(ldap_detect_responses_result_code_free),
flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT, flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
}; };
G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister( G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(

@ -24,7 +24,8 @@ use crate::detect::uint::{
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer, helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT8, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
SIGMATCH_INFO_UINT8,
}; };
use suricata_sys::sys::{ use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
@ -1011,7 +1012,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
AppLayerTxMatch: Some(mqtt_type_match), AppLayerTxMatch: Some(mqtt_type_match),
Setup: Some(mqtt_type_setup), Setup: Some(mqtt_type_setup),
Free: Some(mqtt_type_free), Free: Some(mqtt_type_free),
flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT, flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
}; };
G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister( G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(

@ -24,7 +24,8 @@ use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse, detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32, helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
SIGMATCH_INFO_UINT32,
}; };
use std::ffi::CStr; use std::ffi::CStr;
use std::os::raw::{c_int, c_void}; use std::os::raw::{c_int, c_void};
@ -220,7 +221,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
AppLayerTxMatch: Some(rfb_sec_result_match), AppLayerTxMatch: Some(rfb_sec_result_match),
Setup: Some(rfb_sec_result_setup), Setup: Some(rfb_sec_result_setup),
Free: Some(rfb_sec_result_free), Free: Some(rfb_sec_result_free),
flags: SIGMATCH_INFO_UINT32, flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw); G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister( G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister(

@ -22,8 +22,8 @@ use crate::detect::uint::{
SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match, SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
}; };
use crate::detect::{ use crate::detect::{
helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32, helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
SIGMATCH_INFO_UINT8, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
}; };
use crate::websocket::parser::WebSocketOpcode; use crate::websocket::parser::WebSocketOpcode;
use suricata_sys::sys::{ use suricata_sys::sys::{
@ -276,7 +276,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
AppLayerTxMatch: Some(websocket_detect_opcode_match), AppLayerTxMatch: Some(websocket_detect_opcode_match),
Setup: Some(websocket_detect_opcode_setup), Setup: Some(websocket_detect_opcode_setup),
Free: Some(websocket_detect_opcode_free), Free: Some(websocket_detect_opcode_free),
flags: SIGMATCH_INFO_UINT8, flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
}; };
G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister( G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(

@ -335,36 +335,22 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
printf("multi buffer"); printf("multi buffer");
prev = 1; prev = 1;
} }
if (flags & SIGMATCH_INFO_UINT8) { if (flags & (SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_UINT32 |
SIGMATCH_INFO_UINT64)) {
if (prev == 1) if (prev == 1)
printf("%c", sep); printf("%c", sep);
if (flags & SIGMATCH_INFO_MULTI_UINT) if (flags & SIGMATCH_INFO_MULTI_UINT)
printf("multi "); printf("multi ");
printf("uint8"); if (flags & SIGMATCH_INFO_ENUM_UINT)
prev = 1; printf("enum ");
} if (flags & SIGMATCH_INFO_UINT8)
if (flags & SIGMATCH_INFO_UINT16) { printf("uint8");
if (prev == 1) if (flags & SIGMATCH_INFO_UINT16)
printf("%c", sep); printf("uint16");
if (flags & SIGMATCH_INFO_MULTI_UINT) if (flags & SIGMATCH_INFO_UINT32)
printf("multi "); printf("uint32");
printf("uint16"); if (flags & SIGMATCH_INFO_UINT64)
prev = 1; printf("uint64");
}
if (flags & SIGMATCH_INFO_UINT32) {
if (prev == 1)
printf("%c", sep);
if (flags & SIGMATCH_INFO_MULTI_UINT)
printf("multi ");
printf("uint32");
prev = 1;
}
if (flags & SIGMATCH_INFO_UINT64) {
if (prev == 1)
printf("%c", sep);
if (flags & SIGMATCH_INFO_MULTI_UINT)
printf("multi ");
printf("uint64");
prev = 1; prev = 1;
} }
if (e->Transform) { if (e->Transform) {
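Review bot: The four width checks inside the merged block are independent `if`s, so a keyword whose flags carried two width bits would print the labels run together (`uint8uint16`) with no separator, whereas the removed code emitted each one as its own `sep`-delimited entry. No registration on this page sets two widths, so this is a robustness point rather than a visible bug. Chaining the checks makes the one-width assumption explicit: `else if (flags & SIGMATCH_INFO_UINT16)`, and likewise for the 32 and 64 cases. A one-line comment above the block, such as `/* exactly one width bit is expected; multi/enum are printed as prefixes */`, would also help. PrintFeatureList starts before this hunk and continues after it.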

@ -1692,6 +1692,8 @@ typedef struct SigGroupHead_ {
#define SIGMATCH_INFO_UINT64 BIT_U32(18) #define SIGMATCH_INFO_UINT64 BIT_U32(18)
/** keyword is a multi uint */ /** keyword is a multi uint */
#define SIGMATCH_INFO_MULTI_UINT BIT_U32(19) #define SIGMATCH_INFO_MULTI_UINT BIT_U32(19)
/** keyword is an uint with enumeration stringer */
#define SIGMATCH_INFO_ENUM_UINT BIT_U32(20)
enum DetectEngineTenantSelectors enum DetectEngineTenantSelectors
{ {
