detect/datasets: implement unset command

author Philippe Antoine <pantoine@oisf.net>

Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 23 Sep 2024 16:59:29 +0000 (18:59 +0200)
author Philippe Antoine <pantoine@oisf.net>
Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 23 Sep 2024 16:59:29 +0000 (18:59 +0200)
diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst

index 069ee72aeb9a95598a48e7fac7cc6e68b1f4fc94..bf6ab9b1edd36296cdf29c6749f33527e2a05015 100644 (file)
--- a/doc/userguide/rules/datasets.rst
+++ b/doc/userguide/rules/datasets.rst
@@ -78,7 +78,7 @@ Syntax::
  
      dataset:<cmd>,<name>,<options>;
  
-    dataset:<set|isset|isnotset>,<name> \
+    dataset:<set|unset|isset|isnotset>,<name> \
          [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
  
  type <type>
diff --git a/src/datasets.c b/src/datasets.c

index 9d08c3ed02288e7f223403e28280936b59429702..402c7d34fe994f77ce4ef47bea9a31d279615866 100644 (file)
--- a/src/datasets.c
+++ b/src/datasets.c
@@ -1751,3 +1751,23 @@ int DatasetRemoveSerialized(Dataset *set, const char *string)
      return DatasetOpSerialized(set, string, DatasetRemoveString, DatasetRemoveMd5,
              DatasetRemoveSha256, DatasetRemoveIPv4, DatasetRemoveIPv6);
  }
+
+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
+{
+    if (set == NULL)
+        return -1;
+
+    switch (set->type) {
+        case DATASET_TYPE_STRING:
+            return DatasetRemoveString(set, data, data_len);
+        case DATASET_TYPE_MD5:
+            return DatasetRemoveMd5(set, data, data_len);
+        case DATASET_TYPE_SHA256:
+            return DatasetRemoveSha256(set, data, data_len);
+        case DATASET_TYPE_IPV4:
+            return DatasetRemoveIPv4(set, data, data_len);
+        case DATASET_TYPE_IPV6:
+            return DatasetRemoveIPv6(set, data, data_len);
+    }
+    return -1;
+}
diff --git a/src/datasets.h b/src/datasets.h

index 78602548ca7e8848039cae25f43ad6139e3f6a96..86bfed02b22fe6bfd046592e5e315d95534b00f1 100644 (file)
--- a/src/datasets.h
+++ b/src/datasets.h
@@ -56,6 +56,7 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type);
  Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
          uint64_t memcap, uint32_t hashsize);
  int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
  int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
  DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
          const DataRepType *rep);
diff --git a/src/detect-dataset.c b/src/detect-dataset.c

index 5e96b9f27d18f3a1eecf312edef2c6c675c434f5..7dacc630b8fdc2be39659fa166fbc12f8e7edff1 100644 (file)
--- a/src/detect-dataset.c
+++ b/src/detect-dataset.c
@@ -96,6 +96,12 @@ int DetectDatasetBufferMatch(DetectEngineThreadCtx *det_ctx,
                  return 1;
              break;
          }
+        case DETECT_DATASET_CMD_UNSET: {
+            int r = DatasetRemove(sd->set, data, data_len);
+            if (r == 1)
+                return 1;
+            break;
+        }
          default:
              abort();
      }
author	Philippe Antoine <pantoine@oisf.net>
	Mon, 12 Aug 2024 07:54:43 +0000 (09:54 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 23 Sep 2024 16:59:29 +0000 (18:59 +0200)
doc/userguide/rules/datasets.rst		patch \| blob \| blame \| history
src/datasets.c		patch \| blob \| blame \| history
src/datasets.h		patch \| blob \| blame \| history
src/detect-dataset.c		patch \| blob \| blame \| history