diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c index 28bfd71569dc..4a4ad1de9cd0 100644 --- a/src/detect-engine-sigorder.c +++ b/src/detect-engine-sigorder.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2013 Open Information Security Foundation +/* Copyright (C) 2007-2024 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -66,6 +66,44 @@ #define DETECT_XBITS_TYPE_SET_READ 3 #define DETECT_XBITS_TYPE_SET 4 +/** + * \brief Different kinds of helper data that can be used by the signature + * ordering module. Used by the "user" field in SCSigSignatureWrapper + */ +typedef enum { + DETECT_SIGORDER_FLOWBITS, + DETECT_SIGORDER_FLOWVAR, + DETECT_SIGORDER_PKTVAR, + DETECT_SIGORDER_FLOWINT, + DETECT_SIGORDER_HOSTBITS, + DETECT_SIGORDER_IPPAIRBITS, + DETECT_SIGORDER_MAX +} DetectSigorderUserDataType; + +/** + * \brief Signature wrapper used by signature ordering module while ordering + * signatures + */ +typedef struct SCSigSignatureWrapper_ { + /* the wrapped signature */ + Signature *sig; + + /* user data that is to be associated with this sigwrapper */ + int user[DETECT_SIGORDER_MAX]; + + struct SCSigSignatureWrapper_ *next; +} SCSigSignatureWrapper; + +/** + * \brief Structure holding the signature ordering function used by the + * signature ordering module + */ +typedef struct SCSigOrderFunc_ { + /* Pointer to the Signature Ordering function */ + int (*SWCompare)(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2); + + struct SCSigOrderFunc_ *next; +} SCSigOrderFunc; /** * \brief Registers a keyword-based, signature ordering function @@ -439,7 +477,7 @@ static inline int SCSigGetXbitsType(Signature *sig, enum VarTypes type) */ static inline void SCSigProcessUserDataForFlowbits(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_FLOWBITS] = SCSigGetFlowbitsType(sw->sig); + sw->user[DETECT_SIGORDER_FLOWBITS] = SCSigGetFlowbitsType(sw->sig); } /** @@ -451,12 +489,12 @@ static inline void SCSigProcessUserDataForFlowbits(SCSigSignatureWrapper *sw) */ static inline void SCSigProcessUserDataForFlowvar(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_FLOWVAR] = SCSigGetFlowvarType(sw->sig); + sw->user[DETECT_SIGORDER_FLOWVAR] = SCSigGetFlowvarType(sw->sig); } static inline void SCSigProcessUserDataForFlowint(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_FLOWINT] = SCSigGetFlowintType(sw->sig); + sw->user[DETECT_SIGORDER_FLOWINT] = SCSigGetFlowintType(sw->sig); } /** @@ -468,7 +506,7 @@ static inline void SCSigProcessUserDataForFlowint(SCSigSignatureWrapper *sw) */ static inline void SCSigProcessUserDataForPktvar(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_PKTVAR] = SCSigGetPktvarType(sw->sig); + sw->user[DETECT_SIGORDER_PKTVAR] = SCSigGetPktvarType(sw->sig); } /** @@ -480,7 +518,7 @@ static inline void SCSigProcessUserDataForPktvar(SCSigSignatureWrapper *sw) */ static inline void SCSigProcessUserDataForHostbits(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_HOSTBITS] = SCSigGetXbitsType(sw->sig, VAR_TYPE_HOST_BIT); + sw->user[DETECT_SIGORDER_HOSTBITS] = SCSigGetXbitsType(sw->sig, VAR_TYPE_HOST_BIT); } /** @@ -492,7 +530,7 @@ static inline void SCSigProcessUserDataForHostbits(SCSigSignatureWrapper *sw) */ static inline void SCSigProcessUserDataForIPPairbits(SCSigSignatureWrapper *sw) { - sw->user[SC_RADIX_USER_DATA_IPPAIRBITS] = SCSigGetXbitsType(sw->sig, VAR_TYPE_IPPAIR_BIT); + sw->user[DETECT_SIGORDER_IPPAIRBITS] = SCSigGetXbitsType(sw->sig, VAR_TYPE_IPPAIR_BIT); } /* Return 1 if sw1 comes before sw2 in the final list. */ @@ -609,8 +647,7 @@ static int SCSigOrderByActionCompare(SCSigSignatureWrapper *sw1, static int SCSigOrderByFlowbitsCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_FLOWBITS] - - sw2->user[SC_RADIX_USER_DATA_FLOWBITS]; + return sw1->user[DETECT_SIGORDER_FLOWBITS] - sw2->user[DETECT_SIGORDER_FLOWBITS]; } /** @@ -623,8 +660,7 @@ static int SCSigOrderByFlowbitsCompare(SCSigSignatureWrapper *sw1, static int SCSigOrderByFlowvarCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_FLOWVAR] - - sw2->user[SC_RADIX_USER_DATA_FLOWVAR]; + return sw1->user[DETECT_SIGORDER_FLOWVAR] - sw2->user[DETECT_SIGORDER_FLOWVAR]; } /** @@ -637,15 +673,13 @@ static int SCSigOrderByFlowvarCompare(SCSigSignatureWrapper *sw1, static int SCSigOrderByPktvarCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_PKTVAR] - - sw2->user[SC_RADIX_USER_DATA_PKTVAR]; + return sw1->user[DETECT_SIGORDER_PKTVAR] - sw2->user[DETECT_SIGORDER_PKTVAR]; } static int SCSigOrderByFlowintCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_FLOWINT] - - sw2->user[SC_RADIX_USER_DATA_FLOWINT]; + return sw1->user[DETECT_SIGORDER_FLOWINT] - sw2->user[DETECT_SIGORDER_FLOWINT]; } /** @@ -658,8 +692,7 @@ static int SCSigOrderByFlowintCompare(SCSigSignatureWrapper *sw1, static int SCSigOrderByHostbitsCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_HOSTBITS] - - sw2->user[SC_RADIX_USER_DATA_HOSTBITS]; + return sw1->user[DETECT_SIGORDER_HOSTBITS] - sw2->user[DETECT_SIGORDER_HOSTBITS]; } /** @@ -672,8 +705,7 @@ static int SCSigOrderByHostbitsCompare(SCSigSignatureWrapper *sw1, static int SCSigOrderByIPPairbitsCompare(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2) { - return sw1->user[SC_RADIX_USER_DATA_IPPAIRBITS] - - sw2->user[SC_RADIX_USER_DATA_IPPAIRBITS]; + return sw1->user[DETECT_SIGORDER_IPPAIRBITS] - sw2->user[DETECT_SIGORDER_IPPAIRBITS]; } /** diff --git a/src/detect-engine-sigorder.h b/src/detect-engine-sigorder.h index d45a4e443ff9..d859846c629e 100644 --- a/src/detect-engine-sigorder.h +++ b/src/detect-engine-sigorder.h @@ -24,45 +24,6 @@ #ifndef SURICATA_DETECT_ENGINE_SIGORDER_H #define SURICATA_DETECT_ENGINE_SIGORDER_H -/** - * \brief Different kinds of helper data that can be used by the signature - * ordering module. Used by the "user" field in SCSigSignatureWrapper - */ -typedef enum{ - SC_RADIX_USER_DATA_FLOWBITS, - SC_RADIX_USER_DATA_FLOWVAR, - SC_RADIX_USER_DATA_PKTVAR, - SC_RADIX_USER_DATA_FLOWINT, - SC_RADIX_USER_DATA_HOSTBITS, - SC_RADIX_USER_DATA_IPPAIRBITS, - SC_RADIX_USER_DATA_MAX -} SCRadixUserDataType; - -/** - * \brief Signature wrapper used by signature ordering module while ordering - * signatures - */ -typedef struct SCSigSignatureWrapper_ { - /* the wrapped signature */ - Signature *sig; - - /* user data that is to be associated with this sigwrapper */ - int user[SC_RADIX_USER_DATA_MAX]; - - struct SCSigSignatureWrapper_ *next; -} SCSigSignatureWrapper; - -/** - * \brief Structure holding the signature ordering function used by the - * signature ordering module - */ -typedef struct SCSigOrderFunc_ { - /* Pointer to the Signature Ordering function */ - int (*SWCompare)(SCSigSignatureWrapper *sw1, SCSigSignatureWrapper *sw2); - - struct SCSigOrderFunc_ *next; -} SCSigOrderFunc; - void SCSigOrderSignatures(DetectEngineCtx *); void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *); void SCSigRegisterSignatureOrderingTests(void); diff --git a/src/detect.h b/src/detect.h index d71764fa7d08..4c22f509a3f3 100644 --- a/src/detect.h +++ b/src/detect.h @@ -53,9 +53,8 @@ // tx_id value to use when there is no transaction #define PACKET_ALERT_NOTX UINT64_MAX -/* forward declarations for the structures from detect-engine-sigorder.h */ +/* forward declaration for sigorder logic in detect-engine-sigorder.[ch] */ struct SCSigOrderFunc_; -struct SCSigSignatureWrapper_; /* Forward declarations for structures from Rust. */ typedef struct SCDetectRequiresStatus SCDetectRequiresStatus;