From: Philippe Antoine Date: Thu, 16 Oct 2025 14:11:00 +0000 (+0200) Subject: detect/integers: rename index all1 to all X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14271%2Fhead;p=thirdparty%2Fsuricata.git detect/integers: rename index all1 to all And all to all_or_absent Ticket: 7929 --- diff --git a/doc/userguide/rules/integer-keywords.rst b/doc/userguide/rules/integer-keywords.rst index 9d5b582fd4..d1b22c71b7 100644 --- a/doc/userguide/rules/integer-keywords.rst +++ b/doc/userguide/rules/integer-keywords.rst 
@@ -121,23 +121,27 @@ They expand the syntax of a single integer:: .. table:: **Index values for multi-integers keyword** - ========= ================================================ - Value Description - ========= ================================================ - [default] Match with any index - any Match with any index - all Match only if all indexes match - all1 Match only if all and at least one indexes match - nb Matches a number of times - or_absent Match with any index or no values - 0>= Match specific index - 0< Match specific index with back to front indexing - oob_or Match with specific index or index out of bounds - ========= ================================================ - -The index ``all`` will match if there is no value. -The index ``all1`` will not match if there is no value and behaves -like ``all`` if there is at least one value. + ============= =========================================================== + Value Description + ============= =========================================================== + [default] Match with any index + any Match with any index + all Match only if all and at least one indexes match + all_or_absent Match only if all indexes match or matches on an empty list + nb x Matches a number of times + or_absent Match with any index or matches on an empty list + 0>= Match specific index + 0< Match specific index with back to front indexing + oob_or x Match with specific index or index out of bounds + ============= =========================================================== + +**Please note that:** + +The index ``all`` will not match if there is no value. + +The index ``all_or_absent`` will match if there is no value +and behaves like ``all`` if there is at least one value. + These keywords will wait for transaction completion to run, to be sure to have the final number of elements. diff --git a/rust/src/detect/uint.rs b/rust/src/detect/uint.rs index c8919b4e7b..337cd85fbc 100644 --- a/rust/src/detect/uint.rs 
+++ b/rust/src/detect/uint.rs
@@ -53,8 +53,8 @@ pub struct DetectUintData {
 #[derive(Debug, PartialEq)]
 pub enum DetectUintIndex {
 Any,
+ AllOrAbsent,
 All,
- All1,
 OrAbsent,
 Index((bool, i32)),
 NumberMatches(DetectUintData),
@@ -123,7 +123,7 @@ fn parse_uint_index(parts: &[&str]) -> Option {
 let index = if parts.len() >= 2 {
 match parts[1] {
 "all" => DetectUintIndex::All,
- "all1" => DetectUintIndex::All1,
+ "all_or_absent" => DetectUintIndex::AllOrAbsent,
 "any" => DetectUintIndex::Any,
 "or_absent" => DetectUintIndex::OrAbsent,
 // not only a literal, but some numeric value
@@ -289,7 +289,7 @@ pub(crate) fn detect_uint_match_at_index(
 }
 return 0;
 }
- DetectUintIndex::All => {
+ DetectUintIndex::AllOrAbsent => {
 if !eof {
 return 0;
 }
@@ -302,7 +302,7 @@ pub(crate) fn detect_uint_match_at_index(
 }
 return 1;
 }
- DetectUintIndex::All1 => {
+ DetectUintIndex::All => {
 if !eof {
 return 0;
 }
diff --git a/rust/src/detect/vlan.rs b/rust/src/detect/vlan.rs
index c1c157c2fc..079a35e686 100644
--- a/rust/src/detect/vlan.rs
+++ b/rust/src/detect/vlan.rs
@@ -23,7 +23,7 @@ use std::ffi::{c_int, c_void, CStr};
 pub const DETECT_VLAN_ID_ANY: i8 = i8::MIN;
 pub const DETECT_VLAN_ID_ALL: i8 = i8::MAX;
-pub const DETECT_VLAN_ID_ALL1: i8 = i8::MAX - 1;
+pub const DETECT_VLAN_ID_ALL_OR_ABSENT: i8 = i8::MAX - 1;
 pub const DETECT_VLAN_ID_OR_ABSENT: i8 = i8::MAX - 2;
 pub const DETECT_VLAN_ID_ERROR: i8 = i8::MAX - 3;
 pub static VLAN_MAX_LAYERS: i32 = 3;
@@ -54,7 +54,7 @@ pub fn detect_parse_vlan_id(s: &str) -> Option> {
 // keep previous behavior that vlan.id: all matched only if there was vlan
 return Some(DetectUintArrayData {
 du: a.du.clone(),
- index: DetectUintIndex::All1,
+ index: DetectUintIndex::All,
 start: a.start,
 end: a.end,
 });
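Review bot: The variants of `DetectUintIndex` carry no doc comments, and after this change `All` takes over the behaviour previously named `All1` while the old `All` behaviour moves to `AllOrAbsent`, so a reader coming from older code can easily misread a match arm. A one-line comment on each would pin the meaning: `/// Matches only if every value matches and at least one value exists.` on `All` and `/// Matches if every value matches, or if there are no values.` on `AllOrAbsent`. The wording follows the index table in integer-keywords.rst from the same commit.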
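Review bot: In `parse_uint_index` the literal `"all"` still parses but now selects the behaviour that used to be spelled `all1`, so an existing rule using `all` stops matching on an empty list with no message at load time, and `"all1"` is no longer one of the literal arms. For a detection engine that is a silent coverage change for deployed rulesets; if `all1` ever shipped in a release (not visible from this page), keeping it as a deprecated alias, `"all1" => DetectUintIndex::All,`, would let those rules keep loading with unchanged meaning. An upgrade note telling rule writers to replace `all` with `all_or_absent` wherever an empty list should still match would cover the other direction. The function body continues outside the hunk, so how an unrecognised literal such as `all1` is handled afterwards cannot be confirmed here.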
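Review bot: The early return in `detect_parse_vlan_id` now rebuilds the array data with `index: DetectUintIndex::All`, which looks like a no-op if the guarding condition (outside the hunk) tests for `DetectUintIndex::All`, because plain `all` already means "all and at least one" after the rename. If that is the case, the branch and its comment `// keep previous behavior that vlan.id: all matched only if there was vlan` can be removed, or the comment should say that `vlan.id: all` no longer needs special handling. If the guard tests something else, the comment should name which input is being mapped to `All`.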
@@ -108,7 +108,7 @@ pub unsafe extern "C" fn SCDetectVlanIdPrefilterMatch(
 let index = match ctx.layer {
 DETECT_VLAN_ID_ANY => DetectUintIndex::Any,
 DETECT_VLAN_ID_ALL => DetectUintIndex::All,
- DETECT_VLAN_ID_ALL1 => DetectUintIndex::All1,
+ DETECT_VLAN_ID_ALL_OR_ABSENT => DetectUintIndex::AllOrAbsent,
 DETECT_VLAN_ID_OR_ABSENT => DetectUintIndex::OrAbsent,
 i => DetectUintIndex::Index((false, i.into())),
 };
@@ -130,7 +130,7 @@ pub unsafe extern "C" fn SCDetectVlanIdPrefilter(
 let layer = match ctx.index {
 DetectUintIndex::Any => DETECT_VLAN_ID_ANY,
 DetectUintIndex::All => DETECT_VLAN_ID_ALL,
- DetectUintIndex::All1 => DETECT_VLAN_ID_ALL1,
+ DetectUintIndex::AllOrAbsent => DETECT_VLAN_ID_ALL_OR_ABSENT,
 DetectUintIndex::OrAbsent => DETECT_VLAN_ID_OR_ABSENT,
 DetectUintIndex::Index((_, i)) => i as i8,
 DetectUintIndex::NumberMatches(_) => DETECT_VLAN_ID_ERROR,
@@ -151,7 +151,7 @@ pub unsafe extern "C" fn SCDetectVlanIdPrefilterable(ctx: *const c_void) -> bool
 match ctx.index {
 DetectUintIndex::Any => true,
 DetectUintIndex::All => true,
- DetectUintIndex::All1 => true,
+ DetectUintIndex::AllOrAbsent => true,
 DetectUintIndex::OrAbsent => true,
 // do not prefilter for precise index with "or out of bounds"
 DetectUintIndex::Index((oob, _)) => !oob,
@@ -201,7 +201,7 @@ mod test {
 arg2: 0,
 mode: DetectUintMode::DetectUintModeEqual,
 },
- index: DetectUintIndex::All1,
+ index: DetectUintIndex::All,
 start: 0,
 end: 0,
 }
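Review bot: In `SCDetectVlanIdPrefilter` the arm `DetectUintIndex::Index((_, i)) => i as i8` narrows an `i32` into the same `i8` space that holds the sentinels `DETECT_VLAN_ID_ALL_OR_ABSENT` (`i8::MAX - 1`), `DETECT_VLAN_ID_ALL` and the others, so an index outside the layer range would be read back in `SCDetectVlanIdPrefilterMatch` as a sentinel mode or as a different index. The vlan.id parser presumably limits the index to `VLAN_MAX_LAYERS`, but that is not visible here. If it does, a comment such as `// parse limits the index to VLAN_MAX_LAYERS, so it cannot collide with the DETECT_VLAN_ID_* sentinels` would document the invariant; otherwise an explicit range check that maps out-of-range values to `DETECT_VLAN_ID_ERROR` is needed before the cast. Both functions continue outside their hunks.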