From c4ea03908ed0a89589932069866d3b32cf84b83a Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Fri, 1 Nov 2024 10:45:56 -0400 Subject: [PATCH] var: Use 16-bit container for type Issue: 6855: Match sigmatch type field in var and bit structs --- src/detect-engine-register.h | 3 +-- src/detect-engine-threshold.c | 4 ++-- src/flow-bit.h | 4 ++-- src/flow-var.h | 5 +++-- src/util-var.h | 9 ++++----- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h index b7a029998555..6d02048019c1 100644 --- a/src/detect-engine-register.h +++ b/src/detect-engine-register.h @@ -56,8 +56,7 @@ enum DetectKeywordId { DETECT_FLOW, /* end prefilter sort */ - /* values used in util-var.c go here, to avoid int overflows - * TODO update var logic to use a larger type, see #6855. */ + /* values used in util-var.c go here, to avoid int overflows */ DETECT_THRESHOLD, DETECT_FLOWBITS, DETECT_FLOWVAR, diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c index c9ca8fa4a45e..7c67a606417b 100644 --- a/src/detect-engine-threshold.c +++ b/src/detect-engine-threshold.c @@ -524,8 +524,8 @@ static void FlowThresholdEntryListFree(FlowThresholdEntryList *list) /** struct for storing per flow thresholds. This will be stored in the Flow::flowvar list, so it * needs to follow the GenericVar header format. */ typedef struct FlowVarThreshold_ { - uint8_t type; - uint8_t pad[7]; + uint16_t type; + uint8_t pad[6]; struct GenericVar_ *next; FlowThresholdEntryList *thresholds; } FlowVarThreshold; diff --git a/src/flow-bit.h b/src/flow-bit.h index e10c58dafde0..e7fb3f9ecc9c 100644 --- a/src/flow-bit.h +++ b/src/flow-bit.h @@ -28,8 +28,8 @@ #include "util-var.h" typedef struct FlowBit_ { - uint8_t type; /* type, DETECT_FLOWBITS in this case */ - uint8_t pad[3]; + uint16_t type; /* type, DETECT_FLOWBITS in this case */ + uint8_t pad[2]; uint32_t idx; /* name idx */ GenericVar *next; /* right now just implement this as a list, * in the long run we have think of something diff --git a/src/flow-var.h b/src/flow-var.h index 4768490e68c6..e8b769be3a28 100644 --- a/src/flow-var.h +++ b/src/flow-var.h @@ -46,13 +46,14 @@ typedef struct FlowVarTypeInt_ { /** Generic Flowvar Structure */ typedef struct FlowVar_ { - uint8_t type; /* type, DETECT_FLOWVAR in this case */ + uint16_t type; /* type, DETECT_FLOWVAR in this case */ uint8_t datatype; - uint16_t keylen; + uint8_t pad; uint32_t idx; /* name idx */ GenericVar *next; /* right now just implement this as a list, * in the long run we have think of something * faster. */ + uint16_t keylen; union { FlowVarTypeStr fv_str; FlowVarTypeInt fv_int; diff --git a/src/util-var.h b/src/util-var.h index 4732b46e479c..620a923d710f 100644 --- a/src/util-var.h +++ b/src/util-var.h @@ -46,17 +46,16 @@ enum VarTypes { VAR_TYPE_IPPAIR_VAR, }; -/** \todo see ticket #6855. The type field should be 16 bits. */ typedef struct GenericVar_ { - uint8_t type; /**< variable type, uses detection sm_type */ - uint8_t pad[3]; + uint16_t type; /**< variable type, uses detection sm_type */ + uint8_t pad[2]; uint32_t idx; struct GenericVar_ *next; } GenericVar; typedef struct XBit_ { - uint8_t type; /* type, DETECT_XBITS in this case */ - uint8_t pad[3]; + uint16_t type; /* type, DETECT_XBITS in this case */ + uint8_t pad[2]; uint32_t idx; /* name idx */ GenericVar *next; uint32_t expire;