Skip to content

Detect integers 6644 v13#10241

Closed
catenacyber wants to merge 5 commits intoOISF:masterfrom
catenacyber:detect-integers-6644-v13
Closed

Detect integers 6644 v13#10241
catenacyber wants to merge 5 commits intoOISF:masterfrom
catenacyber:detect-integers-6644-v13

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Jan 25, 2024

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6644 and all subtickets
https://redmine.openinfosecfoundation.org/issues/6645
https://redmine.openinfosecfoundation.org/issues/6646
https://redmine.openinfosecfoundation.org/issues/6647
https://redmine.openinfosecfoundation.org/issues/6648
https://redmine.openinfosecfoundation.org/issues/6628

Describe changes:

  • detect/integers: support hexadecimal notation for parsing
  • detect/integers: add mode for negated range
  • detect/integers: rust derive for enumerations
  • detect/integers: keywords now accept bitmasks
  • doc: detect/integers

#10234 with code review taken into account

catenacyber and others added 5 commits January 22, 2024 20:28
@catenacyber
detect: integer keywords now support hexadecimal
6c6fbbd 
So that we can write enip.revision: 0x203

Ticket: 6645
@catenacyber
detect: integer keywords now accept negated ranges
2adbd03 
Ticket: 6646
@catenacyber
detect/integer: rust derive for enumerations
8ee752e 
Ticket: 6647

Allows keywords using integers to use strings in signature
parsing based on a rust enumeration with a derive.
@catenacyber
detect: integer keywords now accept bitmasks
ca685f3 
Ticket: 6648

Like &0x40=0x40 to test for a specific bit set
@catenacyber
doc: integer keywords
2f77a9e 
Ticket: 6628

Document the generic detection capabilities for integer keywords.
and make every integer keyword pointing to this section.
This was referenced Jan 25, 2024
Closed
Closed
@catenacyber
Copy link
Contributor Author

catenacyber commented Jan 25, 2024

Rebased in #10246

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish Awaiting requested review from jasonish

@jufajardini jufajardini Awaiting requested review from jufajardini

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@catenacyber