git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Wed, 24 May 2023 08:44:45 +0000 (10:44 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 26 May 2023 04:55:01 +0000 (06:55 +0200)
commit	2696fda04168cb82bedc8920fb8a3cc7d55289de
tree	3e4559b01e86f4bf773af9e6d013b886d23a7e86	tree
parent	f6f2c225740e4fd1b6a02296eb9701d94daefea8	commit \| diff

detect: use explicit rule types

Instead of using flags to indicate a rule type, use an explicit `type`
field.

This will make it more clean in code paths what paths a rule is taking,
and will allow easier debugging as well as analyzer output.

Define the following fields:

- SIG_TYPE_IPONLY: sig meets IP-only criteria and is handled by the IP-only
  engine.
- SIG_TYPE_PDONLY: sig inspects protocol detection results only.
- SIG_TYPE_DEONLY: sig inspects decoder events only.
- SIG_TYPE_PKT:    sig is inspected per packet.
- SIG_TYPE_PKT_STREAM: sig is inspected against either packet payload or
  stream payload.
- SIG_TYPE_STREAM: sig is inspected against the reassembled stream
- SIG_TYPE_APPLAYER: sig is inspected against an app-layer property, but not
  against a tx engine.
- SIG_TYPE_APP_TX: sig is inspected the tx aware inspection engine(s).

Ticket: #6085.

src/detect-app-layer-protocol.c		diff \| blob \| blame \| history
src/detect-engine-alert.c		diff \| blob \| blame \| history
src/detect-engine-analyzer.c		diff \| blob \| blame \| history
src/detect-engine-build.c		diff \| blob \| blame \| history
src/detect-engine-iponly.c		diff \| blob \| blame \| history
src/detect-engine.c		diff \| blob \| blame \| history
src/detect-engine.h		diff \| blob \| blame \| history
src/detect-parse.c		diff \| blob \| blame \| history
src/detect-threshold.c		diff \| blob \| blame \| history
src/detect.h		diff \| blob \| blame \| history