Skip to content

Iprep feature 6857/v2#11091

Closed
victorjulien wants to merge 5 commits into
OISF:masterfrom
victorjulien:iprep-feature-6857/v2
Closed

Iprep feature 6857/v2#11091
victorjulien wants to merge 5 commits into
OISF:masterfrom
victorjulien:iprep-feature-6857/v2

Conversation

@victorjulien
Copy link
Copy Markdown
Member

@victorjulien victorjulien commented May 16, 2024
edited
Loading

Implementation of isset and isnotset for the iprep keyword.

https://redmine.openinfosecfoundation.org/issues/6857

Replaces #11057:

  • rebase to master
  • reimplement isnotset
  • tidy up parsing code
  • review comments

Draft because: commits need to be tightened up.

SV_BRANCH=OISF/suricata-verify#1834

@victorjulien
detect/iprep: update keyword parser for extendibility
c9ae66a
@victorjulien
reputation: minor cleanup
f1bc017 
No need to init ptrs to NULL after SCCalloc.
@victorjulien
detect/iprep: implement isset and isnotset
c4fefb1 
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

It is internally stored as "=,255", but has some special case handling
in the `DetectIPRepMatch` function.

Ticket: OISF#6857.
@victorjulien
detect/iprep: consolidate rule parsing
45e3721
@victorjulien
detect/iprep: reimplement isnotset outside of uint support
3931131
This was referenced May 16, 2024
Closed
Closed
victorjulien
victorjulien commented May 16, 2024
View reviewed changes
Comment thread rust/src/detect/iprep.rs
return Err(make_error("unknown category".to_string()));
}

if values.len() == 4 {
Copy link
Copy Markdown
Member Author

@victorjulien victorjulien May 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use args

@suricata-qa
Copy link
Copy Markdown

suricata-qa commented May 16, 2024

Information: QA ran without warnings.

Pipeline 20652

@victorjulien victorjulien mentioned this pull request Jun 6, 2024
Closed
@victorjulien
Copy link
Copy Markdown
Member Author

victorjulien commented Jun 6, 2024

replaced by #11264

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@victorjulien @suricata-qa