From: Victor Julien
Date: Mon, 4 Mar 2024 11:53:35 +0000 (+0100)
Subject: detect: group types used in traffic variables
X-Git-Tag: suricata-8.0.0-beta1~1101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=022173d7ab29bd202591c477f82f60de02b14758;p=thirdparty%2Fsuricata.git
detect: group types used in traffic variables
Traffic variables (flowvars, flowbits, xbits, etc) use a smaller int for their type than detection types. As a workaround make sure the values fit in a uint8_t.
---
diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h
index 94f8de15de..1c7c03bf81 100644
--- a/src/detect-engine-register.h
+++ b/src/detect-engine-register.h
@@ -54,7 +54,18 @@ enum DetectKeywordId {
 DETECT_FLOW,
 /* end prefilter sort */
+ /* values used in util-var.c go here, to avoid int overflows * TODO update var logic to use a larger type. */
 DETECT_THRESHOLD,
+ DETECT_FLOWBITS,
+ DETECT_FLOWVAR,
+ DETECT_FLOWVAR_POSTMATCH,
+ DETECT_FLOWINT,
+ DETECT_HOSTBITS,
+ DETECT_XBITS,
+ DETECT_PKTVAR,
+ /* end util-var.c logic */
+
 DETECT_METADATA,
 DETECT_REFERENCE,
 DETECT_TAG,
@@ -82,14 +93,8 @@ enum DetectKeywordId {
 DETECT_ISDATAAT,
 DETECT_ID,
 DETECT_RPC,
- DETECT_FLOWVAR,
- DETECT_FLOWVAR_POSTMATCH,
- DETECT_FLOWINT,
- DETECT_PKTVAR,
 DETECT_NOALERT,
 DETECT_ALERT,
- DETECT_FLOWBITS,
- DETECT_HOSTBITS,
 DETECT_IPV4_CSUM,
 DETECT_TCPV4_CSUM,
 DETECT_TCPV6_CSUM,
@@ -259,7 +264,6 @@ enum DetectKeywordId {
 DETECT_AL_DNP3IND,
 DETECT_AL_DNP3OBJ,
- DETECT_XBITS,
 DETECT_BASE64_DECODE,
 DETECT_BASE64_DATA,
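Review bot: Nothing in the first hunk enforces the uint8_t bound that the new `/* values used in util-var.c go here ... */` group depends on; the bound holds only by position inside `enum DetectKeywordId`, whose start and end are outside the hunk, so the number of entries ahead of DETECT_THRESHOLD is not visible here. A keyword later added to the prefilter section above would shift DETECT_FLOWBITS through DETECT_PKTVAR upward, and once a value passes 255 the narrower type field would presumably truncate it with no diagnostic, so one variable type could be taken for another and rules relying on flowbits, xbits or flowvars would mis-evaluate silently. A compile-time check placed after the enum would turn that into a build failure, e.g. `_Static_assert(DETECT_PKTVAR <= UINT8_MAX, "var types must fit in uint8_t");` (assuming the tree builds as C11 and DETECT_PKTVAR stays the last entry of the group). The comment could also state the limit directly, e.g. `/* stored in a uint8_t by util-var.c: every value in this group must stay <= UINT8_MAX */`, rather than "to avoid int overflows".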