detect/datasets: implement unset command

author Philippe Antoine <pantoine@oisf.net>

Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 26 Sep 2024 06:56:15 +0000 (08:56 +0200)
author Philippe Antoine <pantoine@oisf.net>
Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 26 Sep 2024 06:56:15 +0000 (08:56 +0200)
diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst

index 069ee72aeb9a95598a48e7fac7cc6e68b1f4fc94..bf6ab9b1edd36296cdf29c6749f33527e2a05015 100644 (file)
--- a/doc/userguide/rules/datasets.rst
+++ b/doc/userguide/rules/datasets.rst
@@ -78,7 +78,7 @@ Syntax::
  
      dataset:<cmd>,<name>,<options>;
  
-    dataset:<set|isset|isnotset>,<name> \
+    dataset:<set|unset|isset|isnotset>,<name> \
          [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
  
  type <type>
diff --git a/src/datasets.c b/src/datasets.c

index 0a288bb980c19d4ede3364c6680a055f9d85cb1a..c7c906b620eb05e9a6fc0f1525a7e0cdd6f16144 100644 (file)
--- a/src/datasets.c
+++ b/src/datasets.c
@@ -1748,3 +1748,23 @@ int DatasetRemoveSerialized(Dataset *set, const char *string)
      return DatasetOpSerialized(set, string, DatasetRemoveString, DatasetRemoveMd5,
              DatasetRemoveSha256, DatasetRemoveIPv4, DatasetRemoveIPv6);
  }
+
+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
+{
+    if (set == NULL)
+        return -1;
+
+    switch (set->type) {
+        case DATASET_TYPE_STRING:
+            return DatasetRemoveString(set, data, data_len);
+        case DATASET_TYPE_MD5:
+            return DatasetRemoveMd5(set, data, data_len);
+        case DATASET_TYPE_SHA256:
+            return DatasetRemoveSha256(set, data, data_len);
+        case DATASET_TYPE_IPV4:
+            return DatasetRemoveIPv4(set, data, data_len);
+        case DATASET_TYPE_IPV6:
+            return DatasetRemoveIPv6(set, data, data_len);
+    }
+    return -1;
+}
diff --git a/src/datasets.h b/src/datasets.h

index af4fc173f1946bab592f2647ebe1b1444db03a78..0f28a9fe0e14393ca88b8a2e1479657f75a9570a 100644 (file)
--- a/src/datasets.h
+++ b/src/datasets.h
@@ -56,6 +56,7 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type);
  Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
          uint64_t memcap, uint32_t hashsize);
  int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
  int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
  DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
          const DataRepType *rep);
diff --git a/src/detect-dataset.c b/src/detect-dataset.c

index e174b0ab9056c321b1522cb0be7b45bff1aff80e..7897c15640d0b7ddac58bac2c862b39e78580260 100644 (file)
--- a/src/detect-dataset.c
+++ b/src/detect-dataset.c
@@ -96,6 +96,12 @@ int DetectDatasetBufferMatch(DetectEngineThreadCtx *det_ctx,
                  return 1;
              break;
          }
+        case DETECT_DATASET_CMD_UNSET: {
+            int r = DatasetRemove(sd->set, data, data_len);
+            if (r == 1)
+                return 1;
+            break;
+        }
          default:
              abort();
      }
author	Philippe Antoine <pantoine@oisf.net>
	Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 26 Sep 2024 06:56:15 +0000 (08:56 +0200)
doc/userguide/rules/datasets.rst		patch \| blob \| blame \| history
src/datasets.c		patch \| blob \| blame \| history
src/datasets.h		patch \| blob \| blame \| history
src/detect-dataset.c		patch \| blob \| blame \| history