From patchwork Mon Feb 9 14:23:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 9497 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4f8n754bnfz3xld for ; Mon, 09 Feb 2026 14:26:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4f8n752KJ8z5h7 for ; Mon, 09 Feb 2026 14:26:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4f8n712CvYz33gL for ; Mon, 09 Feb 2026 14:26:05 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4f8n6y1qylz333y for ; Mon, 09 Feb 2026 14:26:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4f8n6w4x8cz3vs; Mon, 09 Feb 2026 14:26:00 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1770647161; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=18lPQuHxBNklSxI2jEk6YRGE8P3gIXF9mTQixw0YfZ0=; b=H6obX6OCKxW496hEFj4EvvrcSgRCSW14ECJBjHUxPIecnaeX5zyi4RJ6wZbjuLfGftULvH X/iiNqSdOHR7jiDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1770647161; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=18lPQuHxBNklSxI2jEk6YRGE8P3gIXF9mTQixw0YfZ0=; b=sG/DdFF8KU57ieH2KlKRHb9PgMWbSu7vFshQ0EJkp50FUz9O57hiGn9Cq194v/Md0kdGxV HsAFbcKAMYxs7iC6IO0Nz587zCM58+LnMgVoewFARAqMIlW/IjJSZPu63sXx1JzYTwwyzy 79rxK/db7rVhDCjkFZsHgQNTHQWJh94s5E51+XtJ7+/Ro7XD1chPMsB7ARHShToU7UnLrR wDOxfiKhFCdF6qW6R1CutR2XA9Bsf3rJKJaU6D12UBRFYlyDOjMGHA7t8VI6QKH3l1zGeg /JTV9hcUjYmYdc45WhbtcjfkVgTPpT3zr+PcduNGaS/Xge4snibvWAwZAxt4KQ== From: Stefan Schantl To: development@lists.ipfire.org Cc: Stefan Schantl Subject: [PATCH 2/4] ids-functions.pl: Add function to get the provider by a given rule id Date: Mon, 9 Feb 2026 15:23:20 +0100 Message-ID: <20260209142322.2481-2-stefan.schantl@ipfire.org> In-Reply-To: <20260209142322.2481-1-stefan.schantl@ipfire.org> References: <20260209142322.2481-1-stefan.schantl@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Stefan Schantl --- config/cfgroot/ids-functions.pl | 80 +++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index bede5fca0..0271ef4fc 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -1829,4 +1829,84 @@ sub generate_report_generator_config() { close(FILE); } +# +## Function to get the provider handle by a given rule sid. +# +sub get_provider_by_sid ($) { + my ($sid) = @_; + + # Get all known ruleset providers. + my @ruleset_providers = &get_ruleset_providers(); + + # Temporary hash to store found ranges. + my %tmphash = (); + my @tmparray; + + # Loop through the array of known providers. + foreach my $provider (@ruleset_providers) { + # Skip provider if no sid range is specified. + next unless ($IDS::Ruleset::Providers{$provider}{"sid_range"}); + + # Grab and the dereference the sid range. + my @sid_range = @{ $IDS::Ruleset::Providers{$provider}{"sid_range"} }; + + # Check if the given sid is in the range of the current processed provider. + next unless (&is_sid_in_range($sid, \@sid_range)); + + # Assign some nice human-readable values. + my $start = $sid_range[0]; + my $end = $sid_range[1]; + + # Calculate the sid range. + my $range = $end - $start; + + # Assign the found provider and it's range to the temporary hash. + $tmphash{$range} = $provider; + } + + # Sort the ranges of the found providers and store them in a temporary + # array - This is neccessary in case more than one range has been found. + @tmparray = sort (keys %tmphash); + + # Return if nothing has been found. + return unless(@tmparray); + + # The first element of the temporary array contains our smalles sid range + # which the given sid has to belong - grab the stored handle. + my $handle = $tmphash{$tmparray[0]}; + + # Return the obtained handle. + return $handle; +} + +# +## Function to check if a given single sid is in a given range. +# +sub is_sid_in_range($\@) { + my ($sid, $range_ref) = @_; + + # Deref the array ref and assig to array. + my @range = @{ $range_ref }; + + # Assign some nice human-readable values. + my $range_start = $range[0]; + my $range_stop = $range[1]; + + # Early exit in case the range has been passed the + # wrong way around. + return undef if ($range_start > $range_stop); + + # Return if the given sid is lower than the start one. + return if ($sid < $range_start); + + # Return if the given sid is higher than the max range. + return if ($sid > $range_stop); + + # Return True if the given sid is lower or equals the max range. + return 1 if ($sid <= $range_stop); + + # If we got here, something strange happend. + return undef; +} + 1;