From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 7 Jan 2026 11:10:39 +0000 (+0000)
Subject: exporters: Generate unique SIDs for all Suricata rules
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88fc4f60a5eda0867179dfa6f01ba6d0c8cbf860;p=dbl.git

exporters: Generate unique SIDs for all Suricata rules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/dnsbl/exporters.py b/src/dnsbl/exporters.py
index e154c14..4970dcf 100644
--- a/src/dnsbl/exporters.py
+++ b/src/dnsbl/exporters.py
@@ -427,6 +427,9 @@ class SuricataRulesExporter(TextExporter):
 		# For example, blocking some advertising has a lower priority than accessing
 		# a malware/phishing domain.
 
+		# Shift the ID of the list to the higher 16 bits and append the offset
+		sid = self.list.id << 16
+
 		rules = {
 			# DNS
 			"dns" : {
@@ -441,7 +444,7 @@ class SuricataRulesExporter(TextExporter):
 				),
 				"classtype" : "policy-violation",
 				"priority"  : "3",
-				"sid"       : "1",
+				"sid"       : sid | 1,
 				"rev"       : "1",
 				"reference" : (
 					"url",
@@ -465,7 +468,7 @@ class SuricataRulesExporter(TextExporter):
 				),
 				"classtype" : "policy-violation",
 				"priority"  : "3",
-				"sid"       : "1",
+				"sid"       : sid | 2,
 				"rev"       : "1",
 				"reference" : (
 					"url",
@@ -489,7 +492,7 @@ class SuricataRulesExporter(TextExporter):
 				),
 				"classtype" : "policy-violation",
 				"priority"  : "3",
-				"sid"       : "1",
+				"sid"       : sid | 3,
 				"rev"       : "1",
 				"reference" : (
 					"url",
@@ -513,7 +516,7 @@ class SuricataRulesExporter(TextExporter):
 				),
 				"classtype" : "policy-violation",
 				"priority"  : "3",
-				"sid"       : "1",
+				"sid"       : sid | 4,
 				"rev"       : "1",
 				"reference" : (
 					"url",