Skip to content

detect/mqtt: reason_code keyword is now a multi-integer #14274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

detect/mqtt: reason_code keyword is now a multi-integer #14274

wants to merge 1 commit into from
+51 −7

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Nov 4, 2025

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7929

Describe changes:

  • detect/mqtt: reason_code keyword is now a multi-integer

Draft to get feedback :
The current detect_uint_match_at_index uses a Vec
Here for mqtt.reason_code, we do not have a Vec ready, because we have a Vector of Vector of u8...
So, proposal is to build a Vec<u8> and keep old code if detect index is any

Other keywords have the same pattern :

  • enip.cip_attribute (array of arrays)
  • enip.cip_class (array of arrays)
  • enip.cip_status (array of arrays)
  • enip.cip_instance (array of arrays)
  • enip.cip_extendedstatus (array of arrays)

@catenacyber catenacyber force-pushed the detect-integers-allmulti-7929-v7 branch from e1dda23 to 61a1348 Compare November 4, 2025 20:57
@catenacyber catenacyber marked this pull request as draft November 4, 2025 21:00
@codecov
Copy link

codecov bot commented Nov 4, 2025

Codecov Report

❌ Patch coverage is 21.87500% with 25 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.20%. Comparing base (c61f1cb) to head (61a1348).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14274      +/-   ##
==========================================
- Coverage   84.21%   84.20%   -0.02%     
==========================================
  Files        1013     1013              
  Lines      262126   262152      +26     
==========================================
- Hits       220752   220739      -13     
- Misses      41374    41413      +39
Flag Coverage Δ
fuzzcorpus 63.32% <21.87%> (-0.01%) ⬇️
livemode 18.70% <0.00%> (-0.02%) ⬇️
pcap 44.56% <0.00%> (-0.04%) ⬇️
suricata-verify 64.89% <21.87%> (+<0.01%) ⬆️
unittests 59.23% <0.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Nov 5, 2025

Information: QA ran without warnings.

Pipeline = 28325

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@catenacyber @suricata-qa