Detect generic uint 4112 v4

[catenacyber]

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4112

Describe changes:

• Makes use of generic DetectUint structure for dsize and dcerpc, ttl, tcpmss, filesize (and template2)

Replaces #7150 with

• commits history rework
• incorporante ttl, tcpmss, template2 and filesize

Still TODO:

• more keywords in C use specific versions, but they are more complex than just an integer
• look for uses of set_uint in loggers to see if we can easily a new keywords

> git grep _LT src/*.h | grep DETEC
src/detect-ipproto.h:#define DETECT_IPPROTO_OP_LT     '<' /**< "less than" operator */
src/detect-iprep.h:#define DETECT_IPREP_OP_LT        0
src/detect-stream_size.h:#define DETECTSSIZE_LT 0
src/detect-tls-cert-validity.h:#define DETECT_TLS_VALIDITY_LT (1<<1) /* less than */
src/detect-urilen.h:#define DETECT_URILEN_LT   0   /**< "less than" operator */

[catenacyber]

Last version was +576 −1,110

Now it is +705 −2,371

[catenacyber]

The S-V failure indicates a real problem in etopen rules
ttl:<0 can never match for 2030055 and 2030056

[victorjulien]

Some inline comments and questions.

Really nice job. Esp love seeing so much parsing code get removed.

[victorjulien]

should we just use .unwrap() instead of conditions here?

[catenacyber]

Nice

[victorjulien]

what are these empty constructs?

[catenacyber]

@jasonish advised me these...
I want a generic that provides what I can get for unsigned integers : comparison, max value, parsing from string...

[jasonish]

What we're after is a type alias for a type that implements FromStr, PartialOrd, PrimInt, Bounded, however you can make a type alias (like a typedef) that specific multiple traits for whatever reason. The idiomatic workaround is to create a new trait that specifies all these traits.

It lets us specify function like fn detect_parse_uint_start_equal<T: DetectIntType> instead of fn detect_parse_uint_start_equal<T: std::str::FromStr + std::cmp::PartialOrd + num::PrimInt + num::Bounded>`.

[victorjulien]

if unsafe, should we do more to check? E.g. can ft_name be validated somehow, or can str be?

btw str is also a type, might be good to not use it as an argument value. Tricks code hilighing here for example

[catenacyber]

cc @jasonish
I think it is unsafe, because you have no assurance that C caller will provide a valid null-terminated string...

Changing str variable name

[jasonish]

if unsafe, should we do more to check? E.g. can ft_name be validated somehow, or can str be?

We can check for null, thats about it.

[victorjulien]

Is the first, ignored, argument here the remaining string? Should we check if that is empty? Could it be non-empty on trailing data?

[catenacyber]

Is the first, ignored, argument here the remaining string?

Yes

Should we check if that is empty? Could it be non-empty on trailing data?

I am not sure
There are other keywords such as urilen which have an integer, but not only. After, we can have norm|raw

[victorjulien]

These don't match our style, should probably be DetectUintDataU32

[catenacyber]

What do you mean ?
DetectUintData_u64 is generated by cbindgen
DetectU64Data is what is in the code currently

I added these typedef to minimize the diff.
But we can run sed 's/DetectU64Data/DetectUintData_u64/' and avoid these

[catenacyber]

Replaced by #7170