Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Applayer plugin 5053 v3.13 #12118

Open
wants to merge 17 commits into
base: master
Choose a base branch
from
Open

Applayer plugin 5053 v3.13 #12118

wants to merge 17 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/5053

Describe changes:

  • get ready to use dynamic number of app-layer protos (also work with static constant) in some places
  • preventive fix of macro with parenthesis cc @jufajardini

#12116 with clean history and in-tree plugin testing (without logging enabled)

@catenacyber
protodetect: make expectation_proto part of AppLayerProtoDetectCtx
58acd82 
instead of a global variable.

For easier initialization with dynamic number of protocols
@catenacyber
protodetect: use dynamic number of app-layer protos
f64ad70 
for expectation_proto

Ticket: 5053
@catenacyber
protodetect: use dynamic number of app-layer protos
b377ea1 
for alproto_names

Ticket: 5053
@catenacyber
frames: use dynamic number of app-layer protos
b775769 
Ticket: 5053
@catenacyber
util: parenthesis for macro
050b599 
so that we can use safely EXCEPTION_POLICY_MAX*sizeof(x)
@catenacyber
app-layer/stats: use dynamic number of app-layer protos
9d2bc8d 
Ticket: 5053
@catenacyber
fuzz: use dynamic number of app-layer protos
6881109 
Ticket: 5053

delay after initialization so that StringToAppProto works
@catenacyber
app-layer/parser: use dynamic number of app-layer protos
7b40d15 
Ticket: 5053
@catenacyber
profiling: use dynamic number of app-layer protos
8ae806e 
Ticket: 5053
@catenacyber
fuzz: better init for protocol detection
be46488
@catenacyber
fuzz: simplify target for protocol detection
a3f0ab8 
As too many cases are found when splitting tcp payload
@catenacyber
sip: remove UPDATE method for detection
783bbe0 
As it is also used for HTTP/1
Remove it only for TCP and keep it for UDP.
@catenacyber
app-layer: move ALPROTO_FAILED definition
40b7eee 
Because some alprotos will remain static and defined as a constant,
such as ALPROTO_UNKNOWN=0, or ALPROTO_FAILED.

The regular already used protocols keep for now their static
identifier such as ALPROTO_SNMP, but this could be made more
dynamic in a later commit.

ALPROTO_FAILED was used in comparison and these needed to change to use
either ALPROTO_MAX or use standard function AppProtoIsValid
@catenacyber
app-layer: make number of alprotos dynamic
d535a4e 
Ticket: 5053

The names are now dynamically registered at runtime.
The AppProto alproto enum identifiers are still static for now.

This is the final step before app-layer plugins.
@catenacyber
plugins: app-layer plugins
c3a5008 
Ticket: 5053
@catenacyber
app-layer: improve limits on number of probing parsers
6e320fc 
There was an implicit limit of 32 app-layer protocols
used by probing parsers through a mask, meaning that
Suricata should not support more than 32 app-layer protocols
in total.

This limit is relaxed to each flow not being able to
run more than 32 probing parsers, meaning that for each source
and destination port combination, the sum of registered
probing parsers should not exceed 32, even if there are more
than 32 in total.
@catenacyber
plugin: add in-tree zabbix plugin for testing
89cb933
@catenacyber catenacyber mentioned this pull request Nov 13, 2024
Closed
@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
.app_layer.error.tls.parser 1152 1203 104.43%
SURI_TLPR1_stats_chk
.app_layer.tx.ftp 95372 102159 107.12%
.ftp.memuse 2878 10638 369.63%

Pipeline 23315

@victorjulien victorjulien added the needs rebase Needs rebase to master label Nov 14, 2024
jasonish
jasonish reviewed Nov 14, 2024
View reviewed changes
examples/plugins/zabbix/Cargo.toml
edition = "2021"

[lib]
crate-type = ["cdylib"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is correct for using the C ABI? @chifflier?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish left review comments

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs rebase Needs rebase to master
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@catenacyber @suricata-qa @jasonish @victorjulien