Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enip rust 3958 v12 #10183

Closed
wants to merge 9 commits into from
Closed

Enip rust 3958 v12 #10183

wants to merge 9 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3958

Describe changes:

  • convert enip parser to rust
  • integer keywords now support hexadecimal notation

Alon the way, also

  • transactions are now bidirectional
  • there is a enip logger
  • gap support is improved with probing for resync
  • frames
  • events
  • enip_command keyword accepts now string enumeration as values.
  • more keywords

#10178 with clippy fixes + rebase on #10179 + SV test rebased

SV_BRANCH=pr/1582

OISF/suricata-verify#1582

catenacyber and others added 9 commits January 16, 2024 15:42
@catenacyber
detect: integer keywords now support hexadecimal
624e046 
So that we can write enip.revision: 0x203

Ticket: 6645
@catenacyber
detect: integer keywords now accept negated ranges
6268910 
Ticket: 6646
@catenacyber
detect/integer: rust derive for enumerations
32728a2 
Ticket: 6647

Allows keywords using integers to use strings in signature
parsing based on a rust enumeration with a derive.
@catenacyber
detect: integer keywords now accept bitmasks
d484f02 
Ticket: 6648

Like &0x40=0x40 to test for a specific bit set
@catenacyber
doc: integer keywords
0592965 
Ticket: 6628

Document the generic detection capabilities for integer keywords.
and make every integer keyword pointing to this section.
@catenacyber
output/dnp3: restrict function scope to one file
9726d36
@catenacyber
output/dns: do not add empty app-layer metadata
40257af
@catenacyber
output: generic simple tx json logger
a910fc8 
Ticket: 3827
@catenacyber
enip: convert to rust
5e53d78 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
@catenacyber catenacyber mentioned this pull request Jan 16, 2024
Closed
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 17551

@catenacyber catenacyber mentioned this pull request Jan 17, 2024
Closed
@catenacyber
Copy link
Contributor Author

Replaced by #10186

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa