Enip rust 3958 v8 #10048

Closed
catenacyber wants to merge 4 commits into OISF:master from catenacyber:enip-rust-3958-v8

@catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3958

Describe changes:

  • convert enip parser to rust
  • integer keywords now support hexadecimal notation

Along the way, also

  • transactions are now bidirectional
  • there is an enip logger
  • gap support is improved with probing for resync
  • frames
  • events
  • enip_command keyword now accepts string enumeration as values.
  • more keywords

#9991 with rebase and doc nits fixed

Provide values to any of the below to override the defaults.

SV_BRANCH=pr/1521

OISF/suricata-verify#1521

Does the first commit deserve its own redmine ticket?
And the one in 4a49352 also?

So that we can write enip.revision: 0x203
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts string enumeration as values.
- add enip.status keyword
- add keywords:
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
@suricata-qa

Information: QA ran without warnings.

Pipeline 17052

@victorjulien victorjulien marked this pull request as draft December 14, 2023 18:58
@victorjulien victorjulien self-assigned this Dec 14, 2023
@suricata-qa

ERROR:

ERROR: QA failed on build_asan.

Pipeline 17105

@catenacyber catenacyber mentioned this pull request Dec 19, 2023
@catenacyber
Contributor Author

Rebased in #10072
