diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 991e55ae75..e35a596a40 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -34,6 +34,10 @@ also check all the new features that have been added but are not covered by this guide. Those features are either not enabled by default or require dedicated new configuration. +Upgrading 7.0 to 8.0 +-------------------- +.. note:: ``stats.whitelist`` has been renamed to ``stats.score`` in ``eve.json`` + Upgrading 6.0 to 7.0 -------------------- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 05f93169d1..e9711eddab 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -877,7 +877,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG } json_object_set_new(js, "stats", stats); - json_object_set_new(js, "whitelist", json_integer(sgh->init->whitelist)); + json_object_set_new(js, "score", json_integer(sgh->init->score)); return js; } @@ -1147,7 +1147,7 @@ static int RuleSetWhitelist(Signature *s) } } - s->init_data->whitelist = wl; + s->init_data->score = wl; return wl; } @@ -1198,7 +1198,7 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u goto next; } - int wl = s->init_data->whitelist; + int wl = s->init_data->score; while (p) { int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0; pwl = MAX(wl,pwl); @@ -1206,12 +1206,12 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u DetectPort *lookup = DetectPortHashLookup(de_ctx, p); if (lookup) { SigGroupHeadAppendSig(de_ctx, &lookup->sh, s); - lookup->sh->init->whitelist = MAX(lookup->sh->init->whitelist, pwl); + lookup->sh->init->score = MAX(lookup->sh->init->score, pwl); } else { DetectPort *tmp2 = DetectPortCopySingle(de_ctx, p); BUG_ON(tmp2 == NULL); SigGroupHeadAppendSig(de_ctx, &tmp2->sh, s); - tmp2->sh->init->whitelist = pwl; + tmp2->sh->init->score = pwl; DetectPortHashAdd(de_ctx, tmp2); } @@ -1519,7 +1519,7 @@ error: static int PortGroupWhitelist(const DetectPort *a) { - return a->sh->init->whitelist; + return a->sh->init->score; } int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b) diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c index 36df347a50..b063fda8a6 100644 --- a/src/detect-engine-siggroup.c +++ b/src/detect-engine-siggroup.c @@ -402,8 +402,8 @@ int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHea for (idx = 0; idx < src->init->sig_size; idx++) (*dst)->init->sig_array[idx] = (*dst)->init->sig_array[idx] | src->init->sig_array[idx]; - if (src->init->whitelist) - (*dst)->init->whitelist = MAX((*dst)->init->whitelist, src->init->whitelist); + if (src->init->score) + (*dst)->init->score = MAX((*dst)->init->score, src->init->score); return 0; diff --git a/src/detect.h b/src/detect.h index 53ca2b0931..90ac0d7206 100644 --- a/src/detect.h +++ b/src/detect.h @@ -561,7 +561,7 @@ typedef struct SignatureInitData_ { /** score to influence rule grouping. A higher value leads to a higher * likelihood of a rulegroup with this sig ending up as a contained * group. */ - int whitelist; + int score; /** address settings for this signature */ const DetectAddressHead *src, *dst; @@ -1413,7 +1413,7 @@ typedef struct SigGroupHeadInitData_ { uint8_t protos[256]; /**< proto(s) this sgh is for */ uint32_t direction; /**< set to SIG_FLAG_TOSERVER, SIG_FLAG_TOCLIENT or both */ - int whitelist; /**< try to make this group a unique one */ + int score; /**< try to make this group a unique one */ MpmCtx **app_mpms; MpmCtx **pkt_mpms;