ARP: implement decoder and logger #10570

Closed
wants to merge 4 commits into from

Conversation

glongo (Contributor) commented Mar 4, 2024

Make sure these boxes are signed before submitting your Pull Request -- thank you.

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6827

Describe changes:

  • Add decoder and logger for ARP protocol
  • Make JSONFormatAndAddMACAddr public
  • Update doc

SV_BRANCH=OISF/suricata-verify#1681

glongo added 4 commits March 4, 2024 13:25

  • This adds a decoder for ARP.
    Ticket OISF#6827
  • This change exposes 'JSONFormatAndAddMACAddr' as a public function, allowing it to be reused across modules, such as the ARP logger, for logging MAC addresses extracted from ARP packets.
  • This adds a logger for ARP, enabled by default.
    Ticket OISF#6827
codecov bot commented Mar 4, 2024

Codecov Report

Attention: Patch coverage is 28.17680% with 130 lines in your changes missing coverage. Please review.

Project coverage is 82.67%. Comparing base (c6c1eac) to head (99d447a).

@@           Coverage Diff            @@
##           master   #10570    +/-   ##
========================================
  Coverage   82.67%   82.67%            
========================================
  Files         922      924     +2     
  Lines      246969   247149   +180     
========================================
+ Hits       204179   204332   +153     
- Misses      42790    42817    +27     
Flag              Coverage Δ
fuzzcorpus        64.03% <8.28%>  (-0.01%) ⬇️
suricata-verify   61.70% <27.07%> (-0.02%) ⬇️
unittests         62.16% <3.31%>  (-0.06%) ⬇️

Flags with carried forward coverage won't be shown.

@@ -0,0 +1,256 @@
/* Copyright (C) 2021 Open Information Security Foundation
Contributor review comment: nit: year

return "pure_ip";
case 36:
return "hw_exp1";
case 37:

static bool JsonArpLogCondition(ThreadVars *tv, void *thread_data, const Packet *p)
{
if (!PKT_IS_ARP(p)) {
Contributor review comment: nit: suggest return PKT_IS_ARP(p)

@@ -0,0 +1,28 @@
/* Copyright (C) 2021 Open Information Security Foundation
Contributor review comment: nit: year

glongo closed this Mar 4, 2024

glongo (Contributor, Author) commented Mar 4, 2024

Replaced with #10572
