
Detect integers 6644 v12 #10234

Closed

catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6644 and all subtickets
https://redmine.openinfosecfoundation.org/issues/6645
https://redmine.openinfosecfoundation.org/issues/6646
https://redmine.openinfosecfoundation.org/issues/6647
https://redmine.openinfosecfoundation.org/issues/6648
https://redmine.openinfosecfoundation.org/issues/6628

Describe changes:

  • detect/integers: support hexadecimal notation for parsing
  • detect/integers: add mode for negated range
  • detect/integers: rust derive for enumerations
  • detect/integers: keywords now accept bitmasks
  • doc: detect/integers

#10222 with typo fixed in doc

catenacyber and others added 5 commits January 22, 2024 20:28
So that we can write enip.revision: 0x203

Ticket: 6645
Ticket: 6647

Allows keywords using integers to use strings in signature
parsing based on a rust enumeration with a derive.
Ticket: 6648

Like &0x40=0x40 to test for a specific bit set
Ticket: 6628

Document the generic detection capabilities for integer keywords.
and make every integer keyword point to this section.
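The keyword argument syntax described in the PR description and the commit messages above (hexadecimal literals such as 0x203, negated ranges, and &mask=value bitmasks like &0x40=0x40), as an added example that is not Suricata's own code: a small Rust parser plus matcher for one integer keyword argument. Range bounds are treated as exclusive, an assumption of this example, and a bitmask whose value has bits outside its mask is rejected at parse time because such a rule could never match.

```rust
#[derive(Debug, PartialEq)]
pub enum IntSpec {
    Eq(u64), Ne(u64), Lt(u64), Gt(u64),
    Range(u64, u64),    // min-max, exclusive bounds (assumption of this example)
    NotRange(u64, u64), // !min-max, the complement of Range
    Bitmask { mask: u64, value: u64 }, // &mask=value
}
/// Parse a decimal or 0x-prefixed hexadecimal literal.
fn parse_num(s: &str) -> Option<u64> {
    let s = s.trim();
    let hex = s.strip_prefix("0x").or_else(|| s.strip_prefix("0X"));
    hex.map_or_else(|| s.parse().ok(), |h| u64::from_str_radix(h, 16).ok())
}
/// Parse "min-max", requiring min < max so the range is non-empty.
fn parse_range(s: &str) -> Option<(u64, u64)> {
    let (lo, hi) = s.split_once('-')?;
    let (lo, hi) = (parse_num(lo)?, parse_num(hi)?);
    if lo < hi { Some((lo, hi)) } else { None }
}
pub fn parse_spec(s: &str) -> Option<IntSpec> {
    let s = s.trim();
    if let Some(rest) = s.strip_prefix('&') {
        let (m, v) = rest.split_once('=')?;
        let (mask, value) = (parse_num(m)?, parse_num(v)?);
        // Bits set in value but clear in mask can never match: reject at parse time.
        if value & !mask != 0 { return None; }
        return Some(IntSpec::Bitmask { mask, value });
    }
    if let Some(r) = s.strip_prefix('<') { return parse_num(r).map(IntSpec::Lt); }
    if let Some(r) = s.strip_prefix('>') { return parse_num(r).map(IntSpec::Gt); }
    if let Some(r) = s.strip_prefix('!') {
        // "!min-max" is a negated range; "!value" is a plain negation.
        return parse_range(r).map(|(lo, hi)| IntSpec::NotRange(lo, hi))
            .or_else(|| parse_num(r).map(IntSpec::Ne));
    }
    parse_range(s).map(|(lo, hi)| IntSpec::Range(lo, hi))
        .or_else(|| parse_num(s).map(IntSpec::Eq))
}
/// Evaluate a parsed spec against a value extracted from a protocol field.
pub fn matches(spec: &IntSpec, x: u64) -> bool {
    match *spec {
        IntSpec::Eq(v) => x == v,
        IntSpec::Ne(v) => x != v,
        IntSpec::Lt(v) => x < v,
        IntSpec::Gt(v) => x > v,
        IntSpec::Range(lo, hi) => x > lo && x < hi,
        IntSpec::NotRange(lo, hi) => x <= lo || x >= hi,
        IntSpec::Bitmask { mask, value } => x & mask == value,
    }
}
```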
@suricata-qa

Information:

ERROR: QA failed on SURI_TLPW1_files_sha256.

field                          baseline  test  %
SURI_TLPR1_stats_chk
  .app_layer.error.http.parser     1108   724  65.34%

Pipeline 17729

@catenacyber
Contributor Author

Why is CI using libhtp 0.5.45 and not 0.5.x?

@jasonish
Member

Why is CI using libhtp 0.5.45 and not 0.5.x?

CI uses scripts/bundle.sh which uses requirements.txt for repeatable builds in and out of CI. requirements.txt hasn't been updated since the 7.0.0 release it looks like.

@@ -6,6 +6,8 @@ dhcp.leasetime

DHCP lease time (integer).

dhcp.leasetime uses an :ref:`unsigned 64-bits integer <rules-integer-keywords>`.
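Review bot: the :ref: target `rules-integer-keywords` on the added line must exist as a label in the integer-keywords doc section this PR introduces; if the label is missing or spelled differently there, Sphinx reports an undefined label and the cross-reference falls back to plain text. Since the same sentence is being added to every integer keyword page, it is worth building the docs once and checking the warning output before merging.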
Member

64-bits or 64-bit?

Contributor Author

Without an s if I believe

16-bit integers are those that are 16 bits (2 octets) wide.

Fixing that


/// Enum trait that will be implemented on enums that
/// derive StringEnum.
pub trait Enum<T> {
Member

Would EnumString be a better name?

Contributor Author

indeed

@catenacyber
Contributor Author

Replaced by #10241
