Conversation
Because some alprotos will remain static and defined as a constant, such as ALPROTO_UNKNOWN=0, or ALPROTO_FAILED. The regular already used protocols keep for now their static identifier such as ALPROTO_SNMP, but this could be made more dynamic in a later commit. ALPROTO_FAILED was used in comparison and these needed to change to use either ALPROTO_MAX or use standard function AppProtoIsValid
Ticket: 5053 The names are now dynamically registered at runtime. The AppProto alproto enum identifiers are still static for now. This is the final step before app-layer plugins.
Ticket: 5053
catenacyber
requested review from
a team,
jasonish and
victorjulien
as code owners
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12364 +/- ##
==========================================
- Coverage 82.54% 80.50% -2.05%
==========================================
Files 912 913 +1
Lines 258028 258152 +124
==========================================
- Hits 212988 207818 -5170
- Misses 45040 50334 +5294
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 24156 |
victorjulien
left a comment
victorjulien
left a comment
There was a problem hiding this comment.
Getting close I think, some comments inline
| /***** Setup/General Registration *****/ | ||
| static void AppLayerNamesSetup(void) | ||
| { | ||
| AppProtoRegisterProtoString(ALPROTO_UNKNOWN, "unknown"); |
There was a problem hiding this comment.
can these move into the parser registrations? E.g.
/**
* \brief Register the SMTP Protocol parser.
*/
void RegisterSMTPParsers(void)
{
const char *proto_name = "smtp";
AppProtoRegisterProtoString(ALPROTO_SMTP, proto_name);There was a problem hiding this comment.
I did not find how and it is not obvious :
This does not work for rust parsers because they do not know the ALPROTO_SSH value and they find it using the string "ssh" passed to AppLayerRegisterProtocolDetection
Can this be studied as a next step, also making ALPROTO_SNMP dynamic ?
|
Next in #12372 |
3 participants
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/5053
Describe changes:
#12363 without zabbix plugin in tree, and test fix due to splitting with #12307
Note that there is still #12307 to fix the limitation of probing parsers against 32 protocols (meaning any new app-layer like one in a plugin may be affected by this bug if it uses probing parsers for protocol detection)