rust/sip: register parser for tcp v14 by glongo · Pull Request #10098 · OISF/suricata

glongo · 2023-12-27T11:05:20Z

Make sure these boxes are signed before submitting your Pull Request -- thank you.

I have read the contributing guide lines at
https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html
I have signed the Open Information Security Foundation contribution agreement at
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3351

Describe changes:

Fix PDU creation according to the discussion in rust/sip: register parser for tcp v13 #10058

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1538
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

Accepts valid characters as defined in RFC3261.

The `is_version_char` function incorrectly allowed characters that are not part of the valid SIP version "SIP/2.0". For instance, 'HTTP/1.1' was mistakenly accepted as a valid SIP version, although it's not. This commit fixes the issue by updating the condition to strictly check for the correct version string.

This patch lets the parser to work over tcp protocol, taking care of handling data before calling the request/response parsers. Ticket OISF#3351.

This patch permits to set a direction when a new transaction is created in order to avoid 'signature shadowing' as reported by Eric Leblond in commit 5aaf507

This permits to detect the SIP protocol using pattern matching instead of probing parser. Since it is no longer used, the respective probing functions have been removed.

codecov · 2023-12-27T11:25:50Z

Codecov Report

Attention: Patch coverage is 90.83665% with 23 lines in your changes are missing coverage. Please review.

Project coverage is 82.11%. Comparing base (5cc872f) to head (4d6c05f).
Report is 183 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10098      +/-   ##
==========================================
- Coverage   82.19%   82.11%   -0.09%     
==========================================
  Files         975      975              
  Lines      271940   272109     +169     
==========================================
- Hits       223523   223429      -94     
- Misses      48417    48680     +263

Flag	Coverage Δ
fuzzcorpus	`62.99% <67.23%> (+0.07%)`	⬆️
suricata-verify	`61.13% <91.06%> (-0.29%)`	⬇️
unittests	`62.83% <31.47%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

glongo · 2024-02-15T16:01:01Z

Is this PR ready to be merged?

jufajardini · 2024-02-16T15:14:42Z

Is this PR ready to be merged?

The documentation additions look good to me.

Unfortunately, this PR needs to be rebased, now.

I saw that there was a thread about where the frames should be registered, considering there seemed to be some disagreement there, I'll add a label decision required here, to bring attention to that.

victorjulien · 2024-02-27T13:55:48Z

This implements general parser improvements that should probably be backported to 7, can you create a ticket for it?

glongo · 2024-02-27T14:20:17Z

Replaced by #10513

glongo added 8 commits December 27, 2023 10:50

rust/sip: rustfmt sip module

da35c0e

sip/parser: accept valid chars

e960859

Accepts valid characters as defined in RFC3261.

rust/sip: register parser for tcp

7366506

This patch lets the parser to work over tcp protocol, taking care of handling data before calling the request/response parsers. Ticket OISF#3351.

rust/sip: add direction to transaction

a3f8409

This patch permits to set a direction when a new transaction is created in order to avoid 'signature shadowing' as reported by Eric Leblond in commit 5aaf507

suricata.yaml: define SIP_PORTS

bdbdf8f

rust/sip: register pattern matching

2ececf0

This permits to detect the SIP protocol using pattern matching instead of probing parser. Since it is no longer used, the respective probing functions have been removed.

doc: add upgrade section for 8

4d6c05f

glongo requested review from a team, jasonish, jufajardini and victorjulien as code owners December 27, 2023 11:05

glongo mentioned this pull request Dec 27, 2023

rust/sip: register parser for tcp v13 #10058

Closed

3 tasks

victorjulien added the needs rebase Needs rebase to main label Feb 27, 2024

glongo closed this Feb 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

rust/sip: register parser for tcp v14#10098

rust/sip: register parser for tcp v14#10098
glongo wants to merge 8 commits intoOISF:masterfrom
glongo:dev-sip-tcp-v14

glongo commented Dec 27, 2023

Uh oh!

codecov bot commented Dec 27, 2023 •

edited

Loading

Uh oh!

glongo commented Feb 15, 2024

Uh oh!

jufajardini commented Feb 16, 2024

Uh oh!

victorjulien commented Feb 27, 2024

Uh oh!

glongo commented Feb 27, 2024

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

Comments

Conversation

glongo commented Dec 27, 2023

Provide values to any of the below to override the defaults.

Uh oh!

codecov bot commented Dec 27, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

glongo commented Feb 15, 2024

Uh oh!

jufajardini commented Feb 16, 2024

Uh oh!

victorjulien commented Feb 27, 2024

Uh oh!

glongo commented Feb 27, 2024

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

codecov bot commented Dec 27, 2023 •

edited

Loading