From: Victor Julien Date: Mon, 13 Aug 2018 08:13:53 +0000 (+0200) Subject: detect: use BIT_* macros X-Git-Tag: suricata-4.1.0-rc2~131 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67c90954c0d7ea8c22fb3483b7ca117a0f720c6c;p=thirdparty%2Fsuricata.git detect: use BIT_* macros Also add notes that when adding flags they should be added to the analyzer as well.
---
diff --git a/src/detect-flow.c b/src/detect-flow.c
index ad06d9e29a..118ca2af5d 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -323,8 +323,8 @@ int DetectFlowSetupImplicit(Signature *s, uint32_t flags)
 BUG_ON(flags & ~SIG_FLAG_BOTH);
 BUG_ON((flags & SIG_FLAG_BOTH) == SIG_FLAG_BOTH);
- SCLogDebug("want %08x", flags & SIG_FLAG_BOTH);
- SCLogDebug("have %08x", s->flags & SIG_FLAG_BOTH);
+ SCLogDebug("want %08lx", flags & SIG_FLAG_BOTH);
+ SCLogDebug("have %08lx", s->flags & SIG_FLAG_BOTH);
 if (flags & SIG_FLAG_TOSERVER) {
 if ((s->flags & SIG_FLAG_BOTH) == SIG_FLAG_BOTH) {
diff --git a/src/detect.h b/src/detect.h
index 10746e3ea2..7e431caf5e 100644
--- a/src/detect.h
+++ b/src/detect.h
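Review bot: The new `%08lx` conversions in both SCLogDebug calls are correct only for the type `SIG_FLAG_BOTH` currently expands to; presumably BIT_U32 yields an unsigned long expression, but its definition is not visible in this diff. If that macro is later narrowed to uint32_t, the specifier and the argument stop matching, which is undefined behaviour in a printf-style call. A cast at the call site removes the dependency: `SCLogDebug("want %08"PRIx32, (uint32_t)(flags & SIG_FLAG_BOTH));`, and likewise for the `have` line. The body of DetectFlowSetupImplicit starts and ends outside the hunk.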
@@ -213,47 +213,51 @@ typedef struct DetectPort_ {
 } DetectPort;
 /* Signature flags */
-#define SIG_FLAG_SRC_ANY (1) /**< source is any */
-#define SIG_FLAG_DST_ANY (1<<1) /**< destination is any */
-#define SIG_FLAG_SP_ANY (1<<2) /**< source port is any */
-#define SIG_FLAG_DP_ANY (1<<3) /**< destination port is any */
+/** \note: additions should be added to the rule analyzer as well */
-#define SIG_FLAG_NOALERT (1<<4) /**< no alert flag is set */
-#define SIG_FLAG_DSIZE (1<<5) /**< signature has a dsize setting */
-#define SIG_FLAG_APPLAYER (1<<6) /**< signature applies to app layer instead of packets */
-#define SIG_FLAG_IPONLY (1<<7) /**< ip only signature */
+#define SIG_FLAG_SRC_ANY BIT_U32(0) /**< source is any */
+#define SIG_FLAG_DST_ANY BIT_U32(1) /**< destination is any */
+#define SIG_FLAG_SP_ANY BIT_U32(2) /**< source port is any */
+#define SIG_FLAG_DP_ANY BIT_U32(3) /**< destination port is any */
+
+#define SIG_FLAG_NOALERT BIT_U32(4) /**< no alert flag is set */
+#define SIG_FLAG_DSIZE BIT_U32(5) /**< signature has a dsize setting */
+#define SIG_FLAG_APPLAYER BIT_U32(6) /**< signature applies to app layer instead of packets */
+#define SIG_FLAG_IPONLY BIT_U32(7) /**< ip only signature */
 // vacancy
-#define SIG_FLAG_REQUIRE_PACKET (1<<9) /**< signature is requiring packet match */
-#define SIG_FLAG_REQUIRE_STREAM (1<<10) /**< signature is requiring stream match */
+#define SIG_FLAG_REQUIRE_PACKET BIT_U32(9) /**< signature is requiring packet match */
+#define SIG_FLAG_REQUIRE_STREAM BIT_U32(10) /**< signature is requiring stream match */
+
+#define SIG_FLAG_MPM_NEG BIT_U32(11)
-#define SIG_FLAG_MPM_NEG (1<<11)
+#define SIG_FLAG_FLUSH BIT_U32(12) /**< detection logic needs stream flush notification */
-#define SIG_FLAG_FLUSH (1<<12) /**< detection logic needs stream flush notification */
+// vacancies
-#define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
+#define SIG_FLAG_REQUIRE_FLOWVAR BIT_U32(17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
-#define SIG_FLAG_FILESTORE (1<<18) /**< signature has filestore keyword */
+#define SIG_FLAG_FILESTORE BIT_U32(18) /**< signature has filestore keyword */
-#define SIG_FLAG_TOSERVER (1<<19)
-#define SIG_FLAG_TOCLIENT (1<<20)
+#define SIG_FLAG_TOSERVER BIT_U32(19)
+#define SIG_FLAG_TOCLIENT BIT_U32(20)
-#define SIG_FLAG_TLSSTORE (1<<21)
+#define SIG_FLAG_TLSSTORE BIT_U32(21)
-#define SIG_FLAG_BYPASS (1<<22)
+#define SIG_FLAG_BYPASS BIT_U32(22)
-#define SIG_FLAG_PREFILTER (1<<23) /**< sig is part of a prefilter engine */
+#define SIG_FLAG_PREFILTER BIT_U32(23) /**< sig is part of a prefilter engine */
 /** Proto detect only signature.
 * Inspected once per direction when protocol detection is done. */
-#define SIG_FLAG_PDONLY (1<<24)
+#define SIG_FLAG_PDONLY BIT_U32(24)
 /** Info for Source and Target identification */
-#define SIG_FLAG_SRC_IS_TARGET (1<<25)
+#define SIG_FLAG_SRC_IS_TARGET BIT_U32(25)
 /** Info for Source and Target identification */
-#define SIG_FLAG_DEST_IS_TARGET (1<<26)
+#define SIG_FLAG_DEST_IS_TARGET BIT_U32(26)
-#define SIG_FLAG_HAS_TARGET (SIG_FLAG_DEST_IS_TARGET|SIG_FLAG_SRC_IS_TARGET)
+#define SIG_FLAG_HAS_TARGET (SIG_FLAG_DEST_IS_TARGET|SIG_FLAG_SRC_IS_TARGET)
 /* signature init flags */
 #define SIG_FLAG_INIT_DEONLY (1<<0) /**< decode event only signature */
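Review bot: The `// vacancy` marker after SIG_FLAG_IPONLY and the new `// vacancies` marker after SIG_FLAG_FLUSH do not say which bits are free; going by the numbering they are bit 8 and bits 13-16. Writing them as `// vacancy: bit 8` and `// vacancies: bits 13-16` lets the next flag be placed without recounting. That matters because a flag placed on an occupied bit would alias the existing one, and some of these (SIG_FLAG_NOALERT, SIG_FLAG_BYPASS) appear, judging by their names, to control whether traffic is alerted on or inspected. The added `\note` would be easier to act on if it named the analyzer function or file, and the SIG_FLAG_INIT_* group that begins in the trailing context still uses the `(1<<n)` form.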
@@ -266,13 +270,15 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_INIT_NEED_FLUSH (1<<7)
 /* signature mask flags */
-#define SIG_MASK_REQUIRE_PAYLOAD (1<<0)
-#define SIG_MASK_REQUIRE_FLOW (1<<1)
-#define SIG_MASK_REQUIRE_FLAGS_INITDEINIT (1<<2) /* SYN, FIN, RST */
-#define SIG_MASK_REQUIRE_FLAGS_UNUSUAL (1<<3) /* URG, ECN, CWR */
-#define SIG_MASK_REQUIRE_NO_PAYLOAD (1<<4)
-#define SIG_MASK_REQUIRE_DCERPC (1<<5) /* require either SMB+DCE or raw DCE */
-#define SIG_MASK_REQUIRE_ENGINE_EVENT (1<<7)
+/** \note: additions should be added to the rule analyzer as well */
+#define SIG_MASK_REQUIRE_PAYLOAD BIT_U8(0)
+#define SIG_MASK_REQUIRE_FLOW BIT_U8(1)
+#define SIG_MASK_REQUIRE_FLAGS_INITDEINIT BIT_U8(2) /* SYN, FIN, RST */
+#define SIG_MASK_REQUIRE_FLAGS_UNUSUAL BIT_U8(3) /* URG, ECN, CWR */
+#define SIG_MASK_REQUIRE_NO_PAYLOAD BIT_U8(4)
+#define SIG_MASK_REQUIRE_DCERPC BIT_U8(5) /* require either SMB+DCE or raw DCE */
+// vacancy
+#define SIG_MASK_REQUIRE_ENGINE_EVENT BIT_U8(7)
 /* for now a uint8_t is enough */
 #define SignatureMask uint8_t
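Review bot: The BIT_U8 macros now tie the mask constants to the width of `SignatureMask`, but nothing beside them says so; the only hint is the `/* for now a uint8_t is enough */` context comment further down. Bit 6 is the single free position, and a later `BIT_U8(8)` would presumably be truncated or rejected depending on how BIT_U8 is defined, which is outside this diff. I would extend the added note to `/** \note: bits 0-7 only while SignatureMask is uint8_t; widen both together. Additions should be added to the rule analyzer as well */` and write the new marker as `// vacancy: bit 6`.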