if no config option is found, as is done for udp Ticket: 6304
Ticket: 6647 Allows keywords using integers to use strings in signature parsing based on a rust enumeration with a derive.
Ticket: 2695
Including the one for websocket over HTTP/2
Maybe I should change the fin keyword to be the complete first byte, and implement https://redmine.openinfosecfoundation.org/issues/6648 to match on the reserved bits (like the one that got used for compression) (can still be matched now with frames and byte_extract I guess)
ERROR: ERROR: QA failed on SURI_TLPW1_files_sha256. Pipeline 17183
| fn from_str(s: &str) -> Option<Self> where Self: Sized; | ||
|
|
||
| /// Get a detect context for integer keyword. | ||
| fn to_detect_ctx(s: &str) -> Option<DetectUintData<T>>; |
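Review bot: neither `from_str` nor `to_detect_ctx` takes `&self`, and the doc comment on `to_detect_ctx` ("Get a detect context for integer keyword.") does not say which input forms `s` may take or what a `None` return means. Document whether a plain integer string is accepted as well as an enumeration name, or move the function out of the trait into a generic helper. `from_str` returning `Option<Self>` also shares its name with `std::str::FromStr::from_str`, which returns a `Result`; consider implementing `FromStr` or renaming the method so callers are not surprised.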
So you should now be able to do something like:
impl<T> TryFrom<&dyn Enum<T>> for DetectUintData<T> {
    type Error = ();
    fn try_from(value: &dyn Enum<T>) -> Result<Self, Self::Error> {
        todo!()
    }
}
instead of having this method as part of the trait.
Alternatively naming.. This is an enum specifically for use in detection with a direct mapping from a name to an integer value?
So you should now be able to do something like:
impl<T> TryFrom<&dyn Enum<T>> for DetectUintData<T> {
    type Error = ();
    fn try_from(value: &dyn Enum<T>) -> Result<Self, Self::Error> {
        todo!()
    }
}
instead of having this method as part of the trait.
So I think the prototype fn to_detect_ctx(s: &str) -> Option<DetectUintData<T>> is right as it takes a string as input, and resorts to generic integer parsing if this is not an enum string
This is an enum specifically for use in detection with a direct mapping from a name to an integer value?
The enum is also used in logging (not only for alerts). Was it your question?
It just seems out of place, with respect to naming. We have a rather generic trait named Enum, but then we have this method to_detect_ctx that doesn't even take &self.
Some more comments in next PR.
Maybe the trait can be better named indeed.
method to_detect_ctx that doesn't even take &self.
But I do not want to use the enumeration: I just want a unique association between integers and strings that goes both ways, and some helper functions around that.
Is derive+trait+enum the best way to do so? Or do you see another way?
In the gist I posted that has the from traits, maybe a generic helper function?
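The design discussed in this thread (a two-way name/integer association with no `&self` methods, plus a free generic helper that falls back to integer parsing), as an added example that is not code from the PR or from Suricata. `NamedInt`, `parse_name_or_uint` and the reduced `DetectUintData` are hypothetical stand-ins; the opcode values are the ones defined in RFC 6455.

```rust
use std::str::FromStr;

/// Two-way association between an integer constant and its name. Hypothetical
/// stand-in for the `Enum<T>` trait under review; no method needs `&self`.
pub trait NamedInt<T> {
    fn from_name(s: &str) -> Option<T>;
    fn to_name(v: T) -> Option<&'static str>;
}

/// Simplified stand-in for `DetectUintData<T>`: equality match only.
#[derive(Debug, PartialEq)]
pub struct DetectUintData<T> {
    pub arg1: T,
}

/// Free generic helper: accept an enumeration name, otherwise fall back to
/// plain integer parsing. Anything else is rejected when the rule is parsed.
pub fn parse_name_or_uint<T: FromStr, E: NamedInt<T>>(s: &str) -> Option<DetectUintData<T>> {
    let s = s.trim();
    E::from_name(s)
        .or_else(|| s.parse::<T>().ok())
        .map(|arg1| DetectUintData { arg1 })
}

/// WebSocket opcodes (RFC 6455), written by hand for this example.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Opcode { Continuation = 0, Text = 1, Binary = 2, Close = 8, Ping = 9, Pong = 10 }

static OPCODES: [(Opcode, &str); 6] = [
    (Opcode::Continuation, "continuation"), (Opcode::Text, "text"),
    (Opcode::Binary, "binary"), (Opcode::Close, "close"),
    (Opcode::Ping, "ping"), (Opcode::Pong, "pong"),
];

impl NamedInt<u8> for Opcode {
    fn from_name(s: &str) -> Option<u8> {
        OPCODES.iter().find(|(_, n)| n.eq_ignore_ascii_case(s)).map(|(o, _)| *o as u8)
    }
    fn to_name(v: u8) -> Option<&'static str> {
        OPCODES.iter().find(|(o, _)| *o as u8 == v).map(|(_, n)| *n)
    }
}

fn main() {
    // Constructed keyword arguments: names, integers, out-of-range, unknown.
    for arg in ["text", "PING", "8", "300", "bogus"] {
        println!("{:>6} -> {:?}", arg, parse_name_or_uint::<u8, Opcode>(arg));
    }
}
```

The same table serves the logging direction through `to_name`, so the rule parser and the logger cannot disagree about what a name means.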
Replaced by #10104
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2695
https://redmine.openinfosecfoundation.org/issues/6647
Describe changes:
OISF/suricata-verify#1550 just rebased and force-pushed
#10091 with
I think this is good enough for a first version even if there may be improvements (that can happen in later tickets):
This is a big one as websockets over HTTP/2 only use a single HTTP/2 stream and not the whole TCP connection which keeps having newer regular HTTP/2 streams