detect: list-keywords cli shows integers with enums

Ticket: 7875
2 months ago · 53d9569dfb
parent da486af881
commit 53d9569dfb
10 changed files with 38 additions and 45 deletions
--- a/rust/cbindgen.toml
+++ b/rust/cbindgen.toml
@ -124,6 +124,7 @@ exclude = [
    "SIGMATCH_INFO_UINT32",
    "SIGMATCH_INFO_UINT64",
    "SIGMATCH_INFO_MULTI_UINT",
+    "SIGMATCH_INFO_ENUM_UINT",
    "FtpCommand",
 ]

--- a/rust/src/detect/mod.rs
+++ b/rust/src/detect/mod.rs
@ -135,6 +135,7 @@ pub const SIGMATCH_INFO_UINT16: u32 = 0x10000; // BIT_U32(16)
 pub const SIGMATCH_INFO_UINT32: u32 = 0x20000; // BIT_U32(17)
 pub const SIGMATCH_INFO_UINT64: u32 = 0x40000; // BIT_U32(18)
 pub const SIGMATCH_INFO_MULTI_UINT: u32 = 0x80000; // BIT_U32(19)
+pub const SIGMATCH_INFO_ENUM_UINT: u32 = 0x100000; // BIT_U32(20)


 #[repr(u8)]
--- a/rust/src/dns/detect.rs
+++ b/rust/src/dns/detect.rs
@ -25,8 +25,8 @@ use crate::detect::uint::{
    SCDetectU8Free, SCDetectU8Parse,
 };
 use crate::detect::{
-    helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT,
-    SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8,
+    helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+    SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8,
 };
 use crate::direction::Direction;
 use std::ffi::CStr;
@ -411,7 +411,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
        AppLayerTxMatch: Some(dns_rcode_match),
        Setup: Some(dns_rcode_setup),
        Free: Some(dns_rcode_free),
-        flags: SIGMATCH_INFO_UINT16,
+        flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister(
@ -426,7 +426,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
        AppLayerTxMatch: Some(dns_rrtype_match),
        Setup: Some(dns_rrtype_setup),
        Free: Some(dns_rrtype_free),
-        flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT,
+        flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
    };
    G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/rust/src/enip/detect.rs
+++ b/rust/src/enip/detect.rs
@ -36,8 +36,8 @@ use crate::detect::uint::{
    SCDetectU8Match, SCDetectU8Parse,
 };
 use crate::detect::{
-    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT,
-    SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
+    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+    SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
@ -1428,7 +1428,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
        AppLayerTxMatch: Some(status_match),
        Setup: Some(status_setup),
        Free: Some(status_free),
-        flags: SIGMATCH_INFO_UINT32,
+        flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
@ -1518,7 +1518,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
        AppLayerTxMatch: Some(command_match),
        Setup: Some(command_setup),
        Free: Some(command_free),
-        flags: SIGMATCH_INFO_UINT16,
+        flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/rust/src/ldap/detect.rs
+++ b/rust/src/ldap/detect.rs
@ -24,7 +24,8 @@ use crate::detect::uint::{
 };
 use crate::detect::{
    helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
-    SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
+    SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
+    SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use crate::ldap::types::*;
 use ldap_parser::ldap::{LdapMessage, ProtocolOp};
@ -519,7 +520,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
        AppLayerTxMatch: Some(ldap_detect_request_operation_match),
        Setup: Some(ldap_detect_request_operation_setup),
        Free: Some(ldap_detect_request_free),
-        flags: SIGMATCH_INFO_UINT8,
+        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@ -535,7 +536,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
        AppLayerTxMatch: Some(ldap_detect_responses_operation_match),
        Setup: Some(ldap_detect_responses_operation_setup),
        Free: Some(ldap_detect_responses_free),
-        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT,
+        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
    };
    G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@ -594,7 +595,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
        AppLayerTxMatch: Some(ldap_detect_responses_result_code_match),
        Setup: Some(ldap_detect_responses_result_code_setup),
        Free: Some(ldap_detect_responses_result_code_free),
-        flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT,
+        flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
    };
    G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/rust/src/mqtt/detect.rs
+++ b/rust/src/mqtt/detect.rs
@ -24,7 +24,8 @@ use crate::detect::uint::{
 };
 use crate::detect::{
    helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
-    SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT8,
+    SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
+    SIGMATCH_INFO_UINT8,
 };
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
@ -1011,7 +1012,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
        AppLayerTxMatch: Some(mqtt_type_match),
        Setup: Some(mqtt_type_setup),
        Free: Some(mqtt_type_free),
-        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT,
+        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
    };
    G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/rust/src/rfb/detect.rs
+++ b/rust/src/rfb/detect.rs
@ -24,7 +24,8 @@ use crate::detect::uint::{
    detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
 };
 use crate::detect::{
-    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32,
+    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+    SIGMATCH_INFO_UINT32,
 };
 use std::ffi::CStr;
 use std::os::raw::{c_int, c_void};
@ -220,7 +221,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
        AppLayerTxMatch: Some(rfb_sec_result_match),
        Setup: Some(rfb_sec_result_setup),
        Free: Some(rfb_sec_result_free),
-        flags: SIGMATCH_INFO_UINT32,
+        flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/rust/src/websocket/detect.rs
+++ b/rust/src/websocket/detect.rs
@ -22,8 +22,8 @@ use crate::detect::uint::{
    SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
 };
 use crate::detect::{
-    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32,
-    SIGMATCH_INFO_UINT8,
+    helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+    SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use crate::websocket::parser::WebSocketOpcode;
 use suricata_sys::sys::{
@ -276,7 +276,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
        AppLayerTxMatch: Some(websocket_detect_opcode_match),
        Setup: Some(websocket_detect_opcode_setup),
        Free: Some(websocket_detect_opcode_free),
-        flags: SIGMATCH_INFO_UINT8,
+        flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
    };
    G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
    G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@ -335,36 +335,22 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
        printf("multi buffer");
        prev = 1;
    }
-    if (flags & SIGMATCH_INFO_UINT8) {
+    if (flags & (SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_UINT32 |
+                        SIGMATCH_INFO_UINT64)) {
        if (prev == 1)
            printf("%c", sep);
        if (flags & SIGMATCH_INFO_MULTI_UINT)
            printf("multi ");
-        printf("uint8");
-        prev = 1;
-    }
-    if (flags & SIGMATCH_INFO_UINT16) {
-        if (prev == 1)
-            printf("%c", sep);
-        if (flags & SIGMATCH_INFO_MULTI_UINT)
-            printf("multi ");
-        printf("uint16");
-        prev = 1;
-    }
-    if (flags & SIGMATCH_INFO_UINT32) {
-        if (prev == 1)
-            printf("%c", sep);
-        if (flags & SIGMATCH_INFO_MULTI_UINT)
-            printf("multi ");
-        printf("uint32");
-        prev = 1;
-    }
-    if (flags & SIGMATCH_INFO_UINT64) {
-        if (prev == 1)
-            printf("%c", sep);
-        if (flags & SIGMATCH_INFO_MULTI_UINT)
-            printf("multi ");
-        printf("uint64");
+        if (flags & SIGMATCH_INFO_ENUM_UINT)
+            printf("enum ");
+        if (flags & SIGMATCH_INFO_UINT8)
+            printf("uint8");
+        if (flags & SIGMATCH_INFO_UINT16)
+            printf("uint16");
+        if (flags & SIGMATCH_INFO_UINT32)
+            printf("uint32");
+        if (flags & SIGMATCH_INFO_UINT64)
+            printf("uint64");
        prev = 1;
    }
    if (e->Transform) {
--- a/src/detect.h
+++ b/src/detect.h
@ -1692,6 +1692,8 @@ typedef struct SigGroupHead_ {
 #define SIGMATCH_INFO_UINT64 BIT_U32(18)
 /** keyword is a multi uint */
 #define SIGMATCH_INFO_MULTI_UINT BIT_U32(19)
+/** keyword is an uint with enumeration stringer */
+#define SIGMATCH_INFO_ENUM_UINT BIT_U32(20)

 enum DetectEngineTenantSelectors
 {