Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/484/20240615/v1 #11309

Merged
merged 22 commits into from
Jun 16, 2024
Merged

next/484/20240615/v1 #11309

merged 22 commits into from
Jun 16, 2024

Conversation

victorjulien
Copy link
Member

victorjulien and others added 22 commits June 15, 2024 15:43
@victorjulien
detect/iprep: update keyword parser for extendibility
539ab3a
@victorjulien
reputation: minor cleanup
3e46c51 
No need to init ptrs to NULL after SCCalloc.
@victorjulien
detect/iprep: implement isset and isnotset
83976a4 
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

Internally it is implemented outside the uint support.

Ticket: OISF#6857.
@victorjulien
detect/iprep: update function naming
37be66e 
Bring in line with new Rust code naming for FFI functions.
@victorjulien
doc/userguide: add more operators to iprep
2f74d43
@victorjulien
doc/userguide: document iprep isset/isnotset
8b42182
@victorjulien
doc: update eBPF compilation instructions
521d1cb 
Ticket: OISF#6599
@victorjulien
github-ci: remove gosu from installed packages
6d663ec
@victorjulien
github-ci: add minimal build for Ubuntu and AlmaLinux
cd7c35e
@victorjulien
doc: port user install and build instruction from master-6.0.x
bd96087 
Ticket: OISF#6686
@regit @victorjulien
profiling: add option to active rules profiling at start
eecb344 
When replaying a pcap file, it is not possible to get rules
profiling because it has to be activated from the unix socket.
This patch adds a new option to be able to activate profiling
collection at start so a pcap run can get rules profiling
information.
@regit @victorjulien
profiling: check packet flag first
b128a75 
This fixes the state handling and simplify the logic.
@catenacyber @victorjulien
enip: remove unnecessary unsafe
08c511f 
As the function SCEnipRegisterParsers is already marked as unsafe
@catenacyber @victorjulien
detect: helper to have pure rust keywords
4bbe7d9 
detect: make number of keywords dynamic

Ticket: 4683
@catenacyber @victorjulien
detect/snmp: move keywords to rust
ae72376 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
@catenacyber @victorjulien
detect/dhcp: move keywords to rust
16952d6 
Ticket: 4863
@catenacyber @victorjulien
detect/websocket: move keywords to rust
ce1eea4 
Ticket: 4863
@catenacyber @victorjulien
detect/enip: move keywords to rust
4fe3f04 
Ticket: 4863
@jasonish @victorjulien
cargo: use default-features instead of default_features
a1bb62c 
"default_features" is being deprecated in Rust 2024.
@jasonish @victorjulien
rust: fix clippy lint for legacy_numeric_constants
ee2175c 
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
@jasonish @victorjulien
rust: simply matches with unwrap_or_default
29d7ff0 
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
@jasonish @victorjulien
rust/ike: prefix never read field names with _
49ecf37 
New warning from rustc.

The other option is to allow dead code, however this is more explicit,
and when they are read, its obvious they should be renamed.
@victorjulien victorjulien requested review from jasonish, jufajardini and a team as code owners June 15, 2024 17:39
@codecov Codecov
Copy link

codecov bot commented Jun 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 85.64103% with 252 lines in your changes missing coverage. Please review.

Project coverage is 82.47%. Comparing base (f0dbfe8) to head (49ecf37).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11309      +/-   ##
==========================================
+ Coverage   82.45%   82.47%   +0.01%     
==========================================
  Files         961      934      -27     
  Lines      251710   252270     +560     
==========================================
+ Hits       207552   208055     +503     
- Misses      44158    44215      +57
Flag Coverage Δ
fuzzcorpus 60.26% <51.38%> (-0.05%) ⬇️
livemode 18.76% <36.70%> (+0.07%) ⬆️
pcap 43.77% <37.42%> (-0.02%) ⬇️
suricata-verify 61.31% <82.91%> (+0.13%) ⬆️
unittests 59.91% <44.72%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

WARNING:

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.flow.end.tcp_state.last_ack 0 1 -
SURI_TLPR1_stats_chk
.uptime 642 688 107.17%

Pipeline 21097

jasonish
jasonish approved these changes Jun 15, 2024
View reviewed changes
Copy link
Member

@jasonish jasonish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge looks clean.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 21100

@victorjulien victorjulien merged commit 49ecf37 into OISF:master Jun 16, 2024
53 checks passed
This was referenced Jun 16, 2024
Closed
Closed
Closed
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/484/20240615/v1 branch June 16, 2024 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@victorjulien @suricata-qa @jasonish @regit @catenacyber