detect/byte_jump: Support bitmask value

[jlucovsky]

Continuation of #14666

Add support for the bitmask value to byte_jump

Snort compatibility says:
- The bitmask value is applied to the extracted value
- The result of the bitmask operation is to be right-shifted by the
  number of trailing 0's in the bitmask value.

Link to ticket: https://redmine.openinfosecfoundation.org/issues/6693

This question remains open

Describe changes:

• Clarify how the bitmask value is used in the documentation
• Add parsing support for bitmask option
• Apply bitmask value/shift count as jump value is calculated.

Updates:

• Range check bitmask value: [1, MAX_UINT32]
• Removed Cargo.lock.in
• Fix ASAN issue discovered during fuzzing.
• Rebase and added s-v test
• s-v test update -- add test case for 0-value bitmask
• Moved the application of the bitmask to match Snort. Bitmask value now applied prior to multiplier

Provide values to any of the below to override the defaults.

• To use a Suricata-Verify or Suricata-Update pull request,
  link to the pull request in the respective _BRANCH variable.
• Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2880
SU_REPO=
SU_BRANCH=

[codecov]

Codecov Report

❌ Patch coverage is 98.01980% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.12%. Comparing base (c333b28) to head (a827ec2).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #14675   +/-   ##
=======================================
  Coverage   82.11%   82.12%           
=======================================
  Files        1011     1011           
  Lines      262812   262899   +87     
=======================================
+ Hits       215812   215898   +86     
- Misses      47000    47001    +1     

Flag	Coverage Δ
fuzzcorpus	60.20% <48.78%> (+0.02%)	⬆️
livemode	18.75% <31.70%> (+0.04%)	⬆️
pcap	44.59% <48.78%> (-0.01%)	⬇️
suricata-verify	65.30% <95.12%> (+0.01%)	⬆️
unittests	59.28% <89.10%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[suricata-qa]

Information: QA ran without warnings.

Pipeline = 29259

[catenacyber]

This question remains open

Which question ?

[catenacyber]

u8 should be enough as it is < 32 ;-)

[jlucovsky]

Will change.

[catenacyber]

Thanks for the work,

CI : ✅
Commits segmentation : I would squash them, but ok...
Commit messages : good
Git ID set : looks fine for me
CLA : you signed it
Doc update : good (reads always strange to implement an already documented feature)
Redmine ticket : ok
Rustfmt : no rust 😢
Tests : Not sure I understand, see SV comments
Dependencies added: none
Code : good

[catenacyber]

This is wrong, not the value should be shifted, but bitmask_value

[jlucovsky]

The value val is being right shifted by the according to the bitmask_shift_count calculated during setup. During setup, the bitmask value is right shifted to count the number of trailing 0 bits.

[catenacyber]

I leave this for others to review as this shift does not make any sense to me

[catenacyber]

See comment about shift

[jlucovsky]

Member

The question was "when to apply the bitmask" -- snort does it prior to the multiplier so i've moved bitmask application to occur before the multiplier is applied.

[jlucovsky]

Continued in #14701