Detect dynamic register keywords 4683 v3 #11035

Closed
catenacyber wants to merge 7 commits into OISF:master from catenacyber:detect-dynamic-register-keywords-4683-v3

@catenacyber catenacyber commented May 7, 2024

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4683

Describe changes:

  • detect: helper to have pure rust keywords
  • make keywords registration dynamic
  • detect/snmp: move keywords to rust
  • snmp.pdu_type use a generic uint32 for detection, allowing >2 and such

SV_BRANCH=OISF/suricata-verify#1804

Continuation of #9871 after merge of #10819

After the merge of loggers, pure rust plugins will need pure rust keywords.
The plan is to do this for all rust app-layers, now only done for SNMP, which has both integers and buffers as keywords.

#10992 new version

Still draft to get clean CI for the last remaining red builder

As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`
If the flow begins with a gap, do not try to run probing parsers
to recognize app-layer on it, as they have no data.

codecov Bot commented May 7, 2024

Codecov Report

Attention: Patch coverage is 73.84615% with 68 lines in your changes are missing coverage. Please review.

Project coverage is 78.57%. Comparing base (abb7424) to head (cf0f30c).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11035      +/-   ##
==========================================
- Coverage   80.63%   78.57%   -2.06%     
==========================================
  Files         922      918       -4     
  Lines      250137   250336     +199     
==========================================
- Hits       201699   196704    -4995     
- Misses      48438    53632    +5194     
| Flag | Coverage Δ |
|---|---|
| fuzzcorpus | ? |
| livemode | 18.59% <48.84%> (+0.03%) ⬆️ |
| suricata-verify | 62.78% <73.84%> (?) |
| unittests | 62.27% <47.69%> (+<0.01%) ⬆️ |

So that there is no need to remove the final binary, to recompile
it if there have been changes in the code.
detect: make number of keywords dynamic

Ticket: 4683
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
@catenacyber catenacyber force-pushed the detect-dynamic-register-keywords-4683-v3 branch from cf0f30c to 41da302 Compare May 7, 2024 12:51
@suricata-qa

Information: QA ran without warnings.

Pipeline 20529

@catenacyber
Contributor Author

Continued in #11036

@catenacyber catenacyber closed this May 7, 2024