
Detect generic uint 4112 v5 #7170

Closed
catenacyber wants to merge 6 commits into OISF:master from catenacyber:detect-generic-uint-4112-v5


@catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4112

Describe changes:

  • Makes use of generic DetectUint structure for dsize and dcerpc, ttl, tcpmss, filesize (and template2)

Replaces #7167 with style fixes from code review

Still TODO:

  • more keywords in C use specific versions, but they are more complex than just an integer
  • look for uses of set_uint in loggers to see if we can easily add new keywords
  • wait for ET to change rules 2030055 and 2030056
> git grep _LT src/*.h | grep DETEC
src/detect-ipproto.h:#define DETECT_IPPROTO_OP_LT     '<' /**< "less than" operator */
src/detect-iprep.h:#define DETECT_IPREP_OP_LT        0
src/detect-stream_size.h:#define DETECTSSIZE_LT 0
src/detect-tls-cert-validity.h:#define DETECT_TLS_VALIDITY_LT (1<<1) /* less than */
src/detect-urilen.h:#define DETECT_URILEN_LT   0   /**< "less than" operator */

@suricata-qa

ERROR:
ERROR: Invalid Signature config error in tlpr1_asan_cfg QA test

ERROR: QA failed on tlpr1_asan_cfg.

Pipeline 6636

@catenacyber catenacyber mentioned this pull request Mar 25, 2022
@victorjulien victorjulien marked this pull request as draft April 15, 2022 09:12
@victorjulien
Member

CI and QA failure, so set it to draft.

Ticket: 4112

Move it away from http2 to generic core crate.
And use it for DCERPC (and SMB)

And remove the C version.
Main change in API is the free function is not free itself, but
a rust wrapper around unbox.
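
The ownership change this commit message describes, as an added example that is not code from this pull request or from Suricata: a generic unsigned-integer keyword is parsed in Rust, boxed, handed to C as an opaque pointer, and released only by a Rust function that rebuilds the `Box`. The field layout, the accepted syntax and every function name below are assumptions made for illustration.

```rust
// Added illustration: every name here is hypothetical, not Suricata's actual API.
use std::ffi::CStr;
use std::os::raw::{c_char, c_void};

#[derive(Debug, PartialEq)]
pub enum Mode { Eq, Lt, Gt, Range }

#[derive(Debug, PartialEq)]
pub struct DetectUint<T> { pub arg1: T, pub arg2: T, pub mode: Mode }

// Parse a single u8 operand; out-of-range or non-numeric input yields None.
fn one(r: &str, mode: Mode) -> Option<DetectUint<u8>> {
    Some(DetectUint { arg1: r.trim().parse().ok()?, arg2: 0, mode })
}

/// Parse "5", "<5", ">5" or "3-9" (range bounds are exclusive in this sketch).
pub fn parse_u8(s: &str) -> Option<DetectUint<u8>> {
    let s = s.trim();
    if let Some(r) = s.strip_prefix('<') { return one(r, Mode::Lt); }
    if let Some(r) = s.strip_prefix('>') { return one(r, Mode::Gt); }
    if let Some((a, b)) = s.split_once('-') {
        let (a, b) = (one(a, Mode::Eq)?.arg1, one(b, Mode::Eq)?.arg1);
        return if a < b { Some(DetectUint { arg1: a, arg2: b, mode: Mode::Range }) } else { None };
    }
    one(s, Mode::Eq)
}

pub fn uint_match(d: &DetectUint<u8>, v: u8) -> bool {
    match d.mode {
        Mode::Eq => v == d.arg1,
        Mode::Lt => v < d.arg1,
        Mode::Gt => v > d.arg1,
        Mode::Range => v > d.arg1 && v < d.arg2,
    }
}

/// C-facing parse: ownership of the Box leaves Rust as an opaque pointer.
/// (A real export would also need the no_mangle attribute.)
pub unsafe extern "C" fn example_u8_parse(raw: *const c_char) -> *mut c_void {
    if raw.is_null() { return std::ptr::null_mut(); }
    match CStr::from_ptr(raw).to_str().ok().and_then(parse_u8) {
        Some(d) => Box::into_raw(Box::new(d)) as *mut c_void,
        None => std::ptr::null_mut(),
    }
}

/// C-facing free: rebuild the Box and drop it. The C side must call this
/// rather than libc free(), because the memory came from Rust's allocator.
pub unsafe extern "C" fn example_u8_free(ctx: *mut c_void) {
    if !ctx.is_null() { drop(Box::from_raw(ctx as *mut DetectUint<u8>)); }
}
```
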
@catenacyber catenacyber force-pushed the detect-generic-uint-4112-v5 branch from 25cd6cf to e5b52c5 Compare April 15, 2022 11:42
@catenacyber
Contributor Author

> CI and QA failure, so set it to draft.

Looks like ET changed rules 2030055 and 2030056, cf https://www.proofpoint.com/us/daily-ruleset-update-summary-20220324
So resetting it to ready for review

@catenacyber catenacyber marked this pull request as ready for review April 15, 2022 11:42
@suricata-qa

ERROR:
ERROR: Invalid Signature config error in tlpr1_asan_cfg QA test

ERROR: QA failed on tlpr1_asan_cfg.

Pipeline 6937

@catenacyber
Contributor Author

Replaced by #7302
