ndpi: ndpi as a plugin - v2 #12120
ndpi: ndpi as a plugin - v2 #12120
Conversation
jasonish
force-pushed
the
ish/ndpi/plugin/v2
branch
from
0240d20
to
09a3da0
Compare
|
Information: QA ran without warnings. Pipeline 23321 |
|
How would testing this in SV work? Is there a way to know in a test that ndpi is available? |
I think S-V will need a small update to pick out enabled built-in plugins. I'm not sure if we have to add a "HAVE_XXX" for something that is not statically enabled. We already have some support for this in S-V, but it just doesn't pickup stuff under the "Plugin" section of The other question is if fields that are added to the logs by plugins should go into the schema as well? |
This will require us to load the plugins and check the config before build info, right? Wrt the schema, would it make sense to have a per plugin additional schema that is somehow used for those records? |
This PR has the following in S-V could also test that the plugin.so file exists as well. |
Will require research to see if JSON schema can be extended from another file, and if the schema validation libs we use would support doing that as well. |
So this tells us it is built, but not necessary loaded, right? So then the SV test would either need to load the plugin, or it would need to be able to check if it is loaded? |
If this is So probably have to do something like: requires:
files:
- plugins/ndpi/ndpi.so
args:
- --set plugins.0=./plugins/ndpi/ndpi.so |
Just a rebase and non-draft PR now that the support work has been merged into master.
cc: @lucaderi @cardigliano
Ticket: https://redmine.openinfosecfoundation.org/issues/7231