detect: rename whitelist to score

author Shivani Bhardwaj <shivani@oisf.net>

Thu, 16 Nov 2023 08:11:39 +0000 (13:41 +0530)

committer Victor Julien <victor@inliniac.net>

Tue, 5 Dec 2023 10:33:09 +0000 (11:33 +0100)
author Shivani Bhardwaj <shivani@oisf.net>
Thu, 16 Nov 2023 08:11:39 +0000 (13:41 +0530)
committer Victor Julien <victor@inliniac.net>
Tue, 5 Dec 2023 10:33:09 +0000 (11:33 +0100)
diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst

index 991e55ae75c1f8d005bcd7caf1b8f542b91d1027..e35a596a407bacda7b71009587ebf08419eacc5f 100644 (file)
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@@ -34,6 +34,10 @@ also check all the new features that have been added but are not covered by
  this guide. Those features are either not enabled by default or require
  dedicated new configuration.
  
+Upgrading 7.0 to 8.0
+--------------------
+.. note:: ``stats.whitelist`` has been renamed to ``stats.score`` in ``eve.json``
+
  Upgrading 6.0 to 7.0
  --------------------
  
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c

index 05f93169d142c56f2684fb9e9e82daa7a5247dcb..e9711eddaba2920d9554e9fc2a0c7eb32ab180bc 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -877,7 +877,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG
      }
      json_object_set_new(js, "stats", stats);
  
-    json_object_set_new(js, "whitelist", json_integer(sgh->init->whitelist));
+    json_object_set_new(js, "score", json_integer(sgh->init->score));
  
      return js;
  }
@@ -1147,7 +1147,7 @@ static int RuleSetWhitelist(Signature *s)
          }
      }
  
-    s->init_data->whitelist = wl;
+    s->init_data->score = wl;
      return wl;
  }
  
@@ -1198,7 +1198,7 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u
              goto next;
          }
  
-        int wl = s->init_data->whitelist;
+        int wl = s->init_data->score;
          while (p) {
              int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0;
              pwl = MAX(wl,pwl);
@@ -1206,12 +1206,12 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u
              DetectPort *lookup = DetectPortHashLookup(de_ctx, p);
              if (lookup) {
                  SigGroupHeadAppendSig(de_ctx, &lookup->sh, s);
-                lookup->sh->init->whitelist = MAX(lookup->sh->init->whitelist, pwl);
+                lookup->sh->init->score = MAX(lookup->sh->init->score, pwl);
              } else {
                  DetectPort *tmp2 = DetectPortCopySingle(de_ctx, p);
                  BUG_ON(tmp2 == NULL);
                  SigGroupHeadAppendSig(de_ctx, &tmp2->sh, s);
-                tmp2->sh->init->whitelist = pwl;
+                tmp2->sh->init->score = pwl;
                  DetectPortHashAdd(de_ctx, tmp2);
              }
  
@@ -1519,7 +1519,7 @@ error:
  
  static int PortGroupWhitelist(const DetectPort *a)
  {
-    return a->sh->init->whitelist;
+    return a->sh->init->score;
  }
  
  int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b)
diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c

index 36df347a503cf4fc385b26cd100dd9768126c844..b063fda8a614e8f10225dd367f2806183acbbdd0 100644 (file)
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@@ -402,8 +402,8 @@ int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHea
      for (idx = 0; idx < src->init->sig_size; idx++)
          (*dst)->init->sig_array[idx] = (*dst)->init->sig_array[idx] | src->init->sig_array[idx];
  
-    if (src->init->whitelist)
-        (*dst)->init->whitelist = MAX((*dst)->init->whitelist, src->init->whitelist);
+    if (src->init->score)
+        (*dst)->init->score = MAX((*dst)->init->score, src->init->score);
  
      return 0;
  
diff --git a/src/detect.h b/src/detect.h

index 53ca2b0931f6c1566a0389c91bf7fa2ee15702c2..90ac0d7206a6d10d83106783f687d1bfc98287cf 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -561,7 +561,7 @@ typedef struct SignatureInitData_ {
      /** score to influence rule grouping. A higher value leads to a higher
       *  likelihood of a rulegroup with this sig ending up as a contained
       *  group. */
-    int whitelist;
+    int score;
  
      /** address settings for this signature */
      const DetectAddressHead *src, *dst;
@@ -1413,7 +1413,7 @@ typedef struct SigGroupHeadInitData_ {
  
      uint8_t protos[256];    /**< proto(s) this sgh is for */
      uint32_t direction;     /**< set to SIG_FLAG_TOSERVER, SIG_FLAG_TOCLIENT or both */
-    int whitelist;          /**< try to make this group a unique one */
+    int score;              /**< try to make this group a unique one */
  
      MpmCtx **app_mpms;
      MpmCtx **pkt_mpms;
author	Shivani Bhardwaj <shivani@oisf.net>
	Thu, 16 Nov 2023 08:11:39 +0000 (13:41 +0530)
committer	Victor Julien <victor@inliniac.net>
	Tue, 5 Dec 2023 10:33:09 +0000 (11:33 +0100)
doc/userguide/upgrade.rst		patch \| blob \| blame \| history
src/detect-engine-build.c		patch \| blob \| blame \| history
src/detect-engine-siggroup.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history