flow/pkts: make syntax cleaner and compact

Currently, the syntax includes direction as a part of the keyword which is against how usually keywords are done. By making direction as a mandatory argument, it is possible to make the syntax cleaner and the implementation more compact and easily extendable. Pros: - Registration table sees lesser entries - If the options have to be extended, it can be done trivially - In accordance w existing keyword implementations Note that this commit also retains the existing direction specific keywords.
OISF · Dec 3, 2024 · e55d11b · e55d11b
1 parent e9173f3
commit e55d11b
Show file tree

Hide file tree

Showing 4 changed files with 302 additions and 137 deletions.
diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
@@ -581,10 +581,12 @@ void SigTableSetup(void)
     DetectReplaceRegister();
     DetectFlowRegister();
     DetectFlowAgeRegister();
-    DetectFlowPktsToClientRegister();
+    DetectFlowPktsRegister();
     DetectFlowPktsToServerRegister();
-    DetectFlowBytesToClientRegister();
+    DetectFlowPktsToClientRegister();
+    DetectFlowBytesRegister();
     DetectFlowBytesToServerRegister();
+    DetectFlowBytesToClientRegister();
     DetectRequiresRegister();
     DetectWindowRegister();
     DetectRpcRegister();

diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h
@@ -127,10 +127,12 @@ enum DetectKeywordId {
     DETECT_FRAME,
 
     DETECT_FLOW_AGE,
-    DETECT_FLOW_PKTS_TO_CLIENT,
+    DETECT_FLOW_PKTS,
     DETECT_FLOW_PKTS_TO_SERVER,
-    DETECT_FLOW_BYTES_TO_CLIENT,
+    DETECT_FLOW_PKTS_TO_CLIENT,
+    DETECT_FLOW_BYTES,
     DETECT_FLOW_BYTES_TO_SERVER,
+    DETECT_FLOW_BYTES_TO_CLIENT,
 
     DETECT_REQUIRES,