From: Shivani Bhardwaj Date: Thu, 16 Nov 2023 08:11:39 +0000 (+0530) Subject: detect: rename whitelist to score X-Git-Tag: suricata-8.0.0-beta1~1987 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b73a17bb04b04f5166a7a9cb4947ff1ea5592c5;p=thirdparty%2Fsuricata.git detect: rename whitelist to score The term "whitelist" is actually used to store a list of DetectPort type items for tcp and udp in detect.h. Using the same term for also keeping the score that affects the grouping of rules is confusing. So, rename the variable to "score". --- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 991e55ae75..e35a596a40 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -34,6 +34,10 @@ also check all the new features that have been added but are not covered by this guide. Those features are either not enabled by default or require dedicated new configuration. +Upgrading 7.0 to 8.0 +-------------------- +.. note:: ``stats.whitelist`` has been renamed to ``stats.score`` in ``eve.json`` + Upgrading 6.0 to 7.0 -------------------- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 05f93169d1..e9711eddab 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -877,7 +877,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG } json_object_set_new(js, "stats", stats); - json_object_set_new(js, "whitelist", json_integer(sgh->init->whitelist)); + json_object_set_new(js, "score", json_integer(sgh->init->score)); return js; } @@ -1147,7 +1147,7 @@ static int RuleSetWhitelist(Signature *s) } } - s->init_data->whitelist = wl; + s->init_data->score = wl; return wl; } @@ -1198,7 +1198,7 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u goto next; } - int wl = s->init_data->whitelist; + int wl = s->init_data->score; while (p) { int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0; pwl = MAX(wl,pwl); @@ -1206,12 +1206,12 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u DetectPort *lookup = DetectPortHashLookup(de_ctx, p); if (lookup) { SigGroupHeadAppendSig(de_ctx, &lookup->sh, s); - lookup->sh->init->whitelist = MAX(lookup->sh->init->whitelist, pwl); + lookup->sh->init->score = MAX(lookup->sh->init->score, pwl); } else { DetectPort *tmp2 = DetectPortCopySingle(de_ctx, p); BUG_ON(tmp2 == NULL); SigGroupHeadAppendSig(de_ctx, &tmp2->sh, s); - tmp2->sh->init->whitelist = pwl; + tmp2->sh->init->score = pwl; DetectPortHashAdd(de_ctx, tmp2); } @@ -1519,7 +1519,7 @@ error: static int PortGroupWhitelist(const DetectPort *a) { - return a->sh->init->whitelist; + return a->sh->init->score; } int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b) diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c index 36df347a50..b063fda8a6 100644 --- a/src/detect-engine-siggroup.c +++ b/src/detect-engine-siggroup.c @@ -402,8 +402,8 @@ int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHea for (idx = 0; idx < src->init->sig_size; idx++) (*dst)->init->sig_array[idx] = (*dst)->init->sig_array[idx] | src->init->sig_array[idx]; - if (src->init->whitelist) - (*dst)->init->whitelist = MAX((*dst)->init->whitelist, src->init->whitelist); + if (src->init->score) + (*dst)->init->score = MAX((*dst)->init->score, src->init->score); return 0; diff --git a/src/detect.h b/src/detect.h index 53ca2b0931..90ac0d7206 100644 --- a/src/detect.h +++ b/src/detect.h @@ -561,7 +561,7 @@ typedef struct SignatureInitData_ { /** score to influence rule grouping. A higher value leads to a higher * likelihood of a rulegroup with this sig ending up as a contained * group. */ - int whitelist; + int score; /** address settings for this signature */ const DetectAddressHead *src, *dst; @@ -1413,7 +1413,7 @@ typedef struct SigGroupHeadInitData_ { uint8_t protos[256]; /**< proto(s) this sgh is for */ uint32_t direction; /**< set to SIG_FLAG_TOSERVER, SIG_FLAG_TOCLIENT or both */ - int whitelist; /**< try to make this group a unique one */ + int score; /**< try to make this group a unique one */ MpmCtx **app_mpms; MpmCtx **pkt_mpms;