Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rust/app-layer: derive functions for app-layer events - v10 #6318

Closed
wants to merge 18 commits into from
Closed

rust/app-layer: derive functions for app-layer events - v10 #6318

wants to merge 18 commits into from

Conversation

jasonish
Copy link
Member

Previous PR: #5579

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4154

Changes from last PR:

  • Squash some fixup commits
  • Rebase, add modbus

This PR shows how we can use a Rust procedural macro to derive AppLayer event
functions from an emum.

Given an enum like:

#[derive(Debug, PartialEq, AppLayerEvent)]
pub enum DNSEvent {
    MalformedData,
    NotRequest,
    NotResponse,
    ZFlagSet,
}

supporting code will be added allowing the protocol to register
get_event_info and get_event_info_by_id callbacks like:

get_eventinfo: Some(DNSEvent::get_event_info),
get_eventinfo_byid: Some(DNSEvent::get_event_info_by_id),

All the parser needs to do is enumerate the different events, the macro will
take care of generating the support code.

jasonish added 18 commits August 30, 2021 10:16
@jasonish
rust/applayer: define AppLayerEvent trait
0d07b0d 
The derive macro will implement this trait for app-layer
event enums.
@jasonish
rust: derive crate: for custom derives
0a2ce27 
Currently has one derive, AppLayerEvent to be used like:

  #[derive(AppLayerEvent)]
  pub enum DNSEvent {
      MalformedData,
      NotRequest,
      NotResponse,
      ZFlagSet,
  }

Code will be generated to:
- Convert enum to a c type string
- Convert string to enum variant
- Convert id to enum variant
@jasonish
rust/applayer: provide generic event info functions
8dd1b54 
Provide generic functions for get_event_info and
get_event_info_by_id. These functions can be used by any app-layer
event enum that implements AppLayerEvent.

Unfortunately the parser registration cannot use these functions
directly as generic functions cannot be #[no_mangle]. So they
do need small extern "C" wrappers around them.
@jasonish
applayerevent: derive get_event_info and get_event_info_by_id
2ed4c0c 
Add generation of wrapper functions for get_event_info
and get_event_info_by_id to the derive macro. Eliminates
the need for the wrapper method to be created by the parser
author.
@jasonish
dns: use derive macro for DNSEvent
982827e
@jasonish
mqtt: derive AppLayerEvent for MQTTEvent
3bd51a7
@jasonish
smb: use derived get_event_info/get_event_info_by_id
aa1463d
@jasonish
dhcp: use derived app-layer event
d10d7dd
@jasonish
ssh: use derived app-layer event
050d634
@jasonish
snmp: use derived app-layer event
a1424c2
@jasonish
sip: use derived app-layer event
dd5d8d9
@jasonish
rfb: register None for get_event_info/get_event_info_by_id
2d1b70b 
Implementations are not required if they're just going to return
-1. We allow None to be registered for that.
@jasonish
ntp: use derived app-layer event
8e24165
@jasonish
krb5: use derived app-layer event
9c44aa0
@jasonish
http2: use derived app-layer event
3933356
@jasonish
app-layer template: use derived app-layer event
2c2e754
@jasonish
modbus: use derive macro from app-layer events
9c250eb
@jasonish
ike: use derive macro from app-layer events
d9a18ff
@jasonish jasonish requested review from victorjulien and a team as code owners August 30, 2021 23:00
@jasonish jasonish mentioned this pull request Aug 30, 2021
Closed
@codecov
Copy link

codecov bot commented Aug 30, 2021

Codecov Report

Merging #6318 (d9a18ff) into master (7551247) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #6318   +/-   ##
=======================================
  Coverage   76.95%   76.95%           
=======================================
  Files         611      611           
  Lines      185955   185955           
=======================================
  Hits       143102   143102           
  Misses      42853    42853
Flag Coverage Δ
fuzzcorpus 52.87% <ø> (+0.01%) ⬆️
suricata-verify 51.10% <ø> (-0.02%) ⬇️
unittests 63.12% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

This was referenced Aug 31, 2021
Closed
Closed
Merged
@victorjulien
Copy link
Member

Merged in #6324, thanks!

@jasonish jasonish deleted the derive-app-event/v10 branch September 2, 2021 19:58
AkakiAlice added a commit to AkakiAlice/suricata that referenced this pull request Oct 3, 2024
@AkakiAlice
detect-engine-address-ipv4: convert unittests to FAIL/PASS APIs
9a6a793 
Ticket OISF#6318
@AkakiAlice AkakiAlice mentioned this pull request Oct 3, 2024
Closed
5 tasks
AkakiAlice added a commit to AkakiAlice/suricata that referenced this pull request Oct 3, 2024
@AkakiAlice
detect/address: convert ipv4 unittests to FAIL/PASS
2cf7abc 
Ticket: OISF#6318
@AkakiAlice AkakiAlice mentioned this pull request Oct 3, 2024
Closed
5 tasks
AkakiAlice added a commit to AkakiAlice/suricata that referenced this pull request Oct 5, 2024
@AkakiAlice
detect/address: convert ipv4 unittests to FAIL/PASS
bde22fb 
Ticket: OISF#6318
@AkakiAlice AkakiAlice mentioned this pull request Oct 5, 2024
Closed
5 tasks
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Oct 8, 2024
@AkakiAlice @victorjulien
detect/address: convert ipv4 unittests to FAIL/PASS
d5dd549 
Ticket: OISF#6318
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonish @victorjulien