Detect dynamic register keywords 4683 v4 #11036

Closed
catenacyber wants to merge 10 commits into OISF:master from catenacyber:detect-dynamic-register-keywords-4683-v4

@catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4683

Describe changes:

  • build: fix fuzz dependencies, and dpdk
  • detect: helper to have pure rust keywords
  • make keywords registration dynamic
  • detect/snmp: move keywords to rust
  • snmp.pdu_type use a generic uint32 for detection, allowing >2 and such
  • detect/dhcp: move keywords to rust
  • detect/websocket: move keywords to rust

Continuation of #9871 after merge of #10819

After the merge of loggers, pure rust plugins will need pure rust keywords.
The plan is to do this for all rust app-layers, now only done for 3 protocols, which have both integers and buffers as keywords.

#11035 which should be green CI, plus DHCP and websocket

This is done on top of #11033 commits to get green CI

As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

If the flow begins with a gap, do not try to run probing parsers
to recognize app-layer on it, as they have no data.

So that there is no need to remove the final binary, to recompile
it if there have been changes in the code.

detect: make number of keywords dynamic

Ticket: 4683
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.

@suricata-qa

Information: QA ran without warnings.

Pipeline 20534

@catenacyber
Contributor Author

Rebased in #11068
