firewall: detect: add feature flag for keywords supporting firewall
authorVictor Julien <vjulien@oisf.net>
Fri, 11 Apr 2025 08:21:54 +0000 (10:21 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 17 Apr 2025 06:22:10 +0000 (08:22 +0200)
src/detect-engine-register.c
src/detect-parse.c
src/detect.h

index aedf50a75d30474ea4523c782fe89b093b4cdfa0..784640527c1e157d52a52c33e5d38fdb04a19a56 100644 (file)
@@ -322,6 +322,12 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
         printf("sticky buffer");
         prev = 1;
     }
+    if (flags & SIGMATCH_SUPPORT_FIREWALL) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("supports firewall");
+        prev = 1;
+    }
     if (e->Transform) {
         if (prev == 1)
             printf("%c", sep);
index 36ba235a32baed07c4db70dfc5ea8e463370de62..ad7696c731c2090e6675330c979570d379c68825 100644 (file)
@@ -978,6 +978,10 @@ static int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, char *optstr,
             goto error;
         }
 
+        if (s->init_data->firewall_rule && (st->flags & SIGMATCH_SUPPORT_FIREWALL) == 0) {
+            SCLogWarning("keyword \'%s\' has not been tested for firewall rules", optname);
+        }
+
         /* see if value is negated */
         if ((st->flags & SIGMATCH_HANDLE_NEGATION) && *ptr == '!') {
             s->init_data->negated = true;
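Review bot: The new check on the firewall_rule line only logs a warning, so a firewall rule built from a keyword that has no SIGMATCH_SUPPORT_FIREWALL flag is still loaded and enforced; if that keyword does not behave as intended in the firewall pipeline the rule may silently fail to match, which for an enforcement rule is a policy bypass rather than a detection gap. Consider rejecting the rule instead, e.g. replacing the warning with `SCLogError("keyword '%s' is not supported in firewall rules", optname);` followed by `goto error;`, or at least making the rejection configurable so operators can opt into strict loading. If warning-only is deliberate while keywords are being vetted, a comment above the check saying so (`/* TODO: turn into a hard error once keyword coverage is complete */`) would keep that intent from being lost. The backslash-escaped quotes in the format string are also unnecessary inside a double-quoted literal. SigParseOptions starts and ends outside this hunk.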
index b65cdaee48f8d9e8b26ece6f667fc2dda5bff113..a663bf07fa85ff0433208f424b5c7b8a26a73861 100644 (file)
@@ -1618,6 +1618,8 @@ typedef struct SigGroupHead_ {
 #define SIGMATCH_INFO_DEPRECATED        BIT_U16(10)
 /** strict parsing is enabled */
 #define SIGMATCH_STRICT_PARSING         BIT_U16(11)
+/** keyword supported by firewall rules */
+#define SIGMATCH_SUPPORT_FIREWALL BIT_U16(12)
 
 enum DetectEngineTenantSelectors
 {
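Review bot: The new define is not column-aligned with the neighbouring SIGMATCH_* flags (SIGMATCH_STRICT_PARSING pads its value to the same column), and its doc comment does not say what "supported" means in practice. I would align it and make the comment state the contract the flag enforces: `/** keyword has been validated for use in firewall rules; rules flagged as firewall rules warn on keywords without it */` above `#define SIGMATCH_SUPPORT_FIREWALL       BIT_U16(12)`. Since BIT_U16 is used, a comment noting that bit 15 is the last free slot for this flag set would help the next person adding one, assuming the flags field is a u16 as the macro name suggests.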