firewall: detect: set firewall support flag on select keywords

diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c
index 96270318f3f226f08dcbdf51f50d8e2c4d55b554..b95d099db5e1f6c564cb68dda63a23a62e0de455 100644 (file)
--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@@ -357,7 +357,7 @@ void DetectAppLayerProtocolRegister(void)
     sigmatch_table[DETECT_APP_LAYER_PROTOCOL].RegisterTests = DetectAppLayerProtocolRegisterTests;
 #endif
     sigmatch_table[DETECT_APP_LAYER_PROTOCOL].flags =
-            (SIGMATCH_QUOTES_OPTIONAL | SIGMATCH_HANDLE_NEGATION);
+            (SIGMATCH_QUOTES_OPTIONAL | SIGMATCH_HANDLE_NEGATION | SIGMATCH_SUPPORT_FIREWALL);
 
     sigmatch_table[DETECT_APP_LAYER_PROTOCOL].SetupPrefilter = PrefilterSetupAppProto;
     sigmatch_table[DETECT_APP_LAYER_PROTOCOL].SupportsPrefilter = PrefilterAppProtoIsPrefilterable;

diff --git a/src/detect-bsize.c b/src/detect-bsize.c
index 2fea92abbcf81cfec2ee8b66fc537dfe8870f8cb..c007960a5720928d641764c4a99ae6f9d883b656 100644 (file)
--- a/src/detect-bsize.c
+++ b/src/detect-bsize.c
@@ -103,6 +103,7 @@ void DetectBsizeRegister(void)
     sigmatch_table[DETECT_BSIZE].Match = NULL;
     sigmatch_table[DETECT_BSIZE].Setup = DetectBsizeSetup;
     sigmatch_table[DETECT_BSIZE].Free = DetectBsizeFree;
+    sigmatch_table[DETECT_BSIZE].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_BSIZE].RegisterTests = DetectBsizeRegisterTests;
 #endif

diff --git a/src/detect-content.c b/src/detect-content.c
index 91ff95f295428fc1749ebe1e1f95497b0d2a1248..7e35c60770f0fea6dae93d9c5e7907da1310baa5 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -66,7 +66,8 @@ void DetectContentRegister (void)
 #ifdef UNITTESTS
     sigmatch_table[DETECT_CONTENT].RegisterTests = DetectContentRegisterTests;
 #endif
-    sigmatch_table[DETECT_CONTENT].flags = (SIGMATCH_QUOTES_MANDATORY|SIGMATCH_HANDLE_NEGATION);
+    sigmatch_table[DETECT_CONTENT].flags =
+            (SIGMATCH_QUOTES_MANDATORY | SIGMATCH_HANDLE_NEGATION | SIGMATCH_SUPPORT_FIREWALL);
 }
 
 /**

diff --git a/src/detect-dsize.c b/src/detect-dsize.c
index 15859ff1f39599fdfededc741add92fc6c6ec428..1aae09e896bb27f5e4da32a6749d3341483307d6 100644 (file)
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@@ -66,6 +66,7 @@ void DetectDsizeRegister (void)
     sigmatch_table[DETECT_DSIZE].Match = DetectDsizeMatch;
     sigmatch_table[DETECT_DSIZE].Setup = DetectDsizeSetup;
     sigmatch_table[DETECT_DSIZE].Free  = DetectDsizeFree;
+    sigmatch_table[DETECT_DSIZE].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_DSIZE].RegisterTests = DsizeRegisterTests;
 #endif

diff --git a/src/detect-flow.c b/src/detect-flow.c
index cf267a6e0ebdc75f7a159726267b532956541396..d970f06854a856369d3743c9c400f31b691060fc 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -70,6 +70,7 @@ void DetectFlowRegister (void)
     sigmatch_table[DETECT_FLOW].Match = DetectFlowMatch;
     sigmatch_table[DETECT_FLOW].Setup = DetectFlowSetup;
     sigmatch_table[DETECT_FLOW].Free  = DetectFlowFree;
+    sigmatch_table[DETECT_FLOW].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_FLOW].RegisterTests = DetectFlowRegisterTests;
 #endif

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 79f3bb88065b89e8eac6fdfaf6e744c7c255fd70..290f46e696d5c9a829b3f145ff4f0969ef34ee93 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -79,7 +79,7 @@ void DetectFlowbitsRegister (void)
     sigmatch_table[DETECT_FLOWBITS].RegisterTests = FlowBitsRegisterTests;
 #endif
     /* this is compatible to ip-only signatures */
-    sigmatch_table[DETECT_FLOWBITS].flags |= SIGMATCH_IPONLY_COMPAT;
+    sigmatch_table[DETECT_FLOWBITS].flags |= (SIGMATCH_IPONLY_COMPAT | SIGMATCH_SUPPORT_FIREWALL);
 
     sigmatch_table[DETECT_FLOWBITS].SupportsPrefilter = PrefilterFlowbitIsPrefilterable;
     sigmatch_table[DETECT_FLOWBITS].SetupPrefilter = PrefilterSetupFlowbits;

diff --git a/src/detect-itype.c b/src/detect-itype.c
index 28dcfa5f8464c14a440b3ebedf8f081f96f2bee2..201c36ca6c37bdc1f540ffb36996bf6ba930ca9d 100644 (file)
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@@ -62,6 +62,7 @@ void DetectITypeRegister (void)
     sigmatch_table[DETECT_ITYPE].Match = DetectITypeMatch;
     sigmatch_table[DETECT_ITYPE].Setup = DetectITypeSetup;
     sigmatch_table[DETECT_ITYPE].Free = DetectITypeFree;
+    sigmatch_table[DETECT_ITYPE].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_ITYPE].RegisterTests = DetectITypeRegisterTests;
 #endif

diff --git a/src/detect-msg.c b/src/detect-msg.c
index 7f67d62497e2e37c02824819a92db0be2a12d99a..7ffcb57f0aae9b770f685a671696bcf5ce8d2579 100644 (file)
--- a/src/detect-msg.c
+++ b/src/detect-msg.c
@@ -50,7 +50,7 @@ void DetectMsgRegister (void)
 #ifdef UNITTESTS
     sigmatch_table[DETECT_MSG].RegisterTests = DetectMsgRegisterTests;
 #endif
-    sigmatch_table[DETECT_MSG].flags = SIGMATCH_QUOTES_MANDATORY;
+    sigmatch_table[DETECT_MSG].flags = (SIGMATCH_QUOTES_MANDATORY | SIGMATCH_SUPPORT_FIREWALL);
 }
 
 static int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, const char *msgstr)

diff --git a/src/detect-sid.c b/src/detect-sid.c
index 971be9df46c91f3b9a8cfdb4aab73d14e1329882..be017e2507fed09170dfbe1a938f12fdef0f115a 100644 (file)
--- a/src/detect-sid.c
+++ b/src/detect-sid.c
@@ -44,6 +44,7 @@ void DetectSidRegister (void)
     sigmatch_table[DETECT_SID].url = "/rules/meta.html#sid-signature-id";
     sigmatch_table[DETECT_SID].Match = NULL;
     sigmatch_table[DETECT_SID].Setup = DetectSidSetup;
+    sigmatch_table[DETECT_SID].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_SID].RegisterTests = DetectSidRegisterTests;
 #endif

diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c
index 472ebcad5d7698095dde245b8f75e2346d1ce399..9c3a2260a59e78dd8e71850ac75efd20299b6bf4 100644 (file)
--- a/src/detect-tcp-flags.c
+++ b/src/detect-tcp-flags.c
@@ -82,6 +82,7 @@ void DetectFlagsRegister (void)
     sigmatch_table[DETECT_FLAGS].Match = DetectFlagsMatch;
     sigmatch_table[DETECT_FLAGS].Setup = DetectFlagsSetup;
     sigmatch_table[DETECT_FLAGS].Free  = DetectFlagsFree;
+    sigmatch_table[DETECT_FLAGS].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_FLAGS].RegisterTests = FlagsRegisterTests;
 #endif

diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index 9df017cc820431fc25b7f5b7e185ae6a17b0d96b..1de6d3b9a48adef9329892f399c4d8c5a0f1df54 100644 (file)
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -78,6 +78,7 @@ void DetectTlsVersionRegister (void)
     sigmatch_table[DETECT_TLS_VERSION].AppLayerTxMatch = DetectTlsVersionMatch;
     sigmatch_table[DETECT_TLS_VERSION].Setup = DetectTlsVersionSetup;
     sigmatch_table[DETECT_TLS_VERSION].Free = DetectTlsVersionFree;
+    sigmatch_table[DETECT_TLS_VERSION].flags = SIGMATCH_SUPPORT_FIREWALL;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests;
 #endif

diff --git a/src/detect-xbits.c b/src/detect-xbits.c
index a02a8ea50fc6cffd4b6d64352e68d80d669d714a..50f88144f4f9226ebee2ad40e9b97a4046af2913 100644 (file)
--- a/src/detect-xbits.c
+++ b/src/detect-xbits.c
@@ -83,7 +83,7 @@ void DetectXbitsRegister (void)
     sigmatch_table[DETECT_XBITS].RegisterTests = XBitsRegisterTests;
 #endif
     /* this is compatible to ip-only signatures */
-    sigmatch_table[DETECT_XBITS].flags |= SIGMATCH_IPONLY_COMPAT;
+    sigmatch_table[DETECT_XBITS].flags |= (SIGMATCH_IPONLY_COMPAT | SIGMATCH_SUPPORT_FIREWALL);
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
 }