Mqtt frames v8 by hsadia538 · Pull Request #8540 · OISF/suricata

hsadia538 · 2023-02-13T10:30:10Z

I have read the contributing guide lines at https://suricata.readthedocs.io/en/latest/devguide/codebase/contributing/contribution-process.html
I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5731

Previous PR: #8508

Describe new changes:

Add trunc.data frames to cater for truncated packets

suricata-verify-pr: 1123

Adds PDU, Header and Data frame to the MQTT parser. Ticket: 5731

codecov · 2023-02-13T10:59:24Z

Codecov Report

Merging #8540 (214ea8b) into master (d9e6301) will increase coverage by 0.07%.
The diff coverage is 79.13%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #8540      +/-   ##
==========================================
+ Coverage   81.84%   81.91%   +0.07%     
==========================================
  Files         967      967              
  Lines      278343   278480     +137     
==========================================
+ Hits       227799   228122     +323     
+ Misses      50544    50358     -186

Flag	Coverage Δ
fuzzcorpus	`64.09% <78.26%> (+0.15%)`	⬆️
suricata-verify	`59.82% <79.13%> (+0.16%)`	⬆️
unittests	`63.33% <1.73%> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

inashivb · 2023-02-18T08:10:08Z

+    Pdu,
+    Header,
+    Data,
+    TruncData,


Following the discussion that happened privately, this data frame type does not seem to be necessary as we cannot annotate something that does not exist. Even if the data is truncated, the parsed parts can be tagged with Pdu, so, we can get rid of this. Make sure to add tests corresponding to truncated data. e.g.

aaaaaaaaaaaaaaabbbbbbbbbb

where a..a == data exactly the length limit
b..b == extra data that should ideally be truncated by the parser.
So, you have three tests.

Well within the boundary.
check for say first 4B of data in Pdu, it should match.

Boundary test. Should match.
check for all aaaa exactly up to the length limit.

Post boundary test. Should not match.
check for aaaa...bbb i.e. good data + truncated data

hsadia538 · 2023-04-15T20:05:06Z

followed by #8730

hsadia538 added 2 commits February 13, 2023 15:15

mqtt: add mqtt frames

4460250

Adds PDU, Header and Data frame to the MQTT parser. Ticket: 5731

mqtt: rustfmt mqtt.rs

214ea8b

hsadia538 requested a review from jasonish as a code owner February 13, 2023 10:30

This was referenced Feb 13, 2023

Mqtt frames v4 OISF/suricata-verify#1123

Closed

Mqtt frames v7 #8513

Closed

jufajardini added the outreachy Contributions made by Outreachy applicants label Feb 13, 2023

inashivb requested changes Feb 18, 2023

View reviewed changes

This was referenced Apr 15, 2023

Mqtt frames v5 OISF/suricata-verify#1172

Closed

Mqtt frames v9 #8730

Closed

hsadia538 closed this Apr 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mqtt frames v8#8540

Mqtt frames v8#8540
hsadia538 wants to merge 2 commits into
OISF:masterfrom
hsadia538:mqtt-frames-v8

hsadia538 commented Feb 13, 2023

Uh oh!

codecov Bot commented Feb 13, 2023

Uh oh!

inashivb Feb 18, 2023

Uh oh!

hsadia538 commented Apr 15, 2023

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

Conversation

hsadia538 commented Feb 13, 2023

Uh oh!

codecov Bot commented Feb 13, 2023

Codecov Report

Uh oh!

inashivb Feb 18, 2023

Choose a reason for hiding this comment

Uh oh!

hsadia538 commented Apr 15, 2023

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants