flow/pkts: make syntax cleaner and compact

Currently, the syntax includes direction as a part of the keyword which is against how usually keywords are done. By making direction as a mandatory argument, it is possible to make the syntax cleaner and the implementation more compact and easily extendable. Pros: - Registration table sees lesser entries - If the options have to be extended, it can be done trivially - In accordance w existing keyword implementations
OISF · Oct 7, 2024 · ac9c5d2 · ac9c5d2
1 parent 3f0512e
commit ac9c5d2
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 181 deletions.
diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
@@ -569,10 +569,8 @@ void SigTableSetup(void)
     DetectReplaceRegister();
     DetectFlowRegister();
     DetectFlowAgeRegister();
-    DetectFlowPktsToClientRegister();
-    DetectFlowPktsToServerRegister();
-    DetectFlowBytesToClientRegister();
-    DetectFlowBytesToServerRegister();
+    DetectFlowPktsRegister();
+    DetectFlowBytesRegister();
     DetectRequiresRegister();
     DetectWindowRegister();
     DetectRpcRegister();

diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h
@@ -124,10 +124,8 @@ enum DetectKeywordId {
     DETECT_FRAME,
 
     DETECT_FLOW_AGE,
-    DETECT_FLOW_PKTS_TO_CLIENT,
-    DETECT_FLOW_PKTS_TO_SERVER,
-    DETECT_FLOW_BYTES_TO_CLIENT,
-    DETECT_FLOW_BYTES_TO_SERVER,
+    DETECT_FLOW_PKTS,
+    DETECT_FLOW_BYTES,
 
     DETECT_REQUIRES,