From f96e97205cfd32b4ce5c242265505e9e33f8bccd Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 11 Apr 2025 10:21:54 +0200
Subject: [PATCH] firewall: detect: add feature flag for keywords supporting firewall

---
 src/detect-engine-register.c | 6 ++++++
 src/detect-parse.c | 4 ++++
 src/detect.h | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
index aedf50a75d..784640527c 100644
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@@ -322,6 +322,12 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
 printf("sticky buffer");
 prev = 1;
 }
+ if (flags & SIGMATCH_SUPPORT_FIREWALL) {
+ if (prev == 1)
+ printf("%c", sep);
+ printf("supports firewall");
+ prev = 1;
+ }
 if (e->Transform) {
 if (prev == 1)
 printf("%c", sep);
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 36ba235a32..ad7696c731 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -978,6 +978,10 @@ static int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, char *optstr,
 goto error;
 }
 
+ if (s->init_data->firewall_rule && (st->flags & SIGMATCH_SUPPORT_FIREWALL) == 0) {
+ SCLogWarning("keyword \'%s\' has not been tested for firewall rules", optname);
+ }
+
 /* see if value is negated */
 if ((st->flags & SIGMATCH_HANDLE_NEGATION) && *ptr == '!') {
 s->init_data->negated = true;
diff --git a/src/detect.h b/src/detect.h
index b65cdaee48..a663bf07fa 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1618,6 +1618,8 @@ typedef struct SigGroupHead_ {
 #define SIGMATCH_INFO_DEPRECATED BIT_U16(10)
 /** strict parsing is enabled */
 #define SIGMATCH_STRICT_PARSING BIT_U16(11)
+/** keyword supported by firewall rules */
+#define SIGMATCH_SUPPORT_FIREWALL BIT_U16(12)
 
 enum DetectEngineTenantSelectors {
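Review bot: The new check in SigParseOptions only warns, so a firewall rule that uses a keyword without SIGMATCH_SUPPORT_FIREWALL still loads and is evaluated; because firewall rules decide accept/drop rather than alert, an unverified keyword silently changing the match outcome is a worse failure mode than it would be for an alert rule, and it deserves at least an opt-in hard failure. Consider turning the warning into a load error under the engine's strict rule-parsing mode, if such a mode exists (I cannot see one from this patch), so an operator accepts the risk explicitly rather than by default. Unless the rest of this series tags the keywords every rule carries (`sid`, `rev`, `msg`, …) with the new flag, every firewall rule will emit this warning at load time and operators will learn to ignore it; that cannot be confirmed from the three files here. Minor: `\'` inside a double-quoted C string is a needless escape, `SCLogWarning("keyword '%s' has not been tested for firewall rules", optname);` reads the same. SigParseOptions begins and ends outside the hunk.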