eve/filetypes: eve filetypes are not always plugins; API docs; simpler - v4 #10636
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Issue: 6408 Use the Suricata thread id for plugin thread initialization to give the plugin a better correlating factor to the actual Suricata threads.
Remove EVE filetypes from plugin context as they are not only used from plugins. Plugins allow user code to register filetypes, but we also have internal file types that use this api including the null output and syslog. Additionally library users can use this API to register filetypes, and they are not plugins. Ideally this code would go in "output-json.[ch]" as the "primary" eve API, however there are currently some include circular include issues there, so start new cleaned up EVE API in "output-eve.[ch]" which is "clean" with respect to includes, and as we cleanup existing EVE API for "public" use, it can be moved here. Ticket: OISF#6838
Remove "conf.h" from suricata-plugin.h as its not needed by that header. However, some other files became transitively dependent on through other includes, so fix those up.
EVE filetypes are not always plugins, for example, null and syslog that are built-in filetypes.
In 7.0 if EVE was non-threaded, the ThreadInit for the filetype was not called meaning that the filetype author had to handle the threaded and non-threaded cases. To simplify this, if non-threaded, still call ThreadInit (and ThreadDeinit) once with a thread_id of 0. This should simplify authoring EVE filetype plugins.
Add documentation for the SCEveFileType in Doxygen format.
Change ThreadDeinit to return void instead of an int, there is nothing to be done on success or failure.
Enhances readability.
Add an upgrade section to the devguide. This should cover any changes to APIs that users might be using from plugins or as a library user.
jasonish
requested review from
jufajardini,
victorjulien and
a team
as code owners
|
Information: QA ran without warnings. Pipeline 19329 |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #10636 +/- ##
==========================================
- Coverage 82.68% 82.53% -0.15%
==========================================
Files 925 926 +1
Lines 247552 247560 +8
==========================================
- Hits 204680 204327 -353
- Misses 42872 43233 +361
Flags with carried forward coverage won't be shown. Click here to find out more. |
victorjulien
approved these changes
Mar 14, 2024
jlucovsky
approved these changes
Mar 14, 2024
This was referenced Mar 15, 2024
Closed
Merged
|
Merged in #10652, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previous PR: #10621
Changes from last PR:
Tickets: