Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Output alert applayer v26 #10680

Closed
wants to merge 4 commits into from
Closed

Output alert applayer v26 #10680

wants to merge 4 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine tickets:
https://redmine.openinfosecfoundation.org/issues/3827
Preliminary work for https://redmine.openinfosecfoundation.org/issues/5053

Describe changes:

  • output: unify boilerplate code (trying to become a lines-of-code neutral contributor to Suricata ;-) and rising the percentage of rust files )
  • output/dns: do not add empty app-layer metadata
  • dnp3: restrict function scope to one file

#10631 rebased

@catenacyber catenacyber requested review from victorjulien and a team as code owners March 20, 2024 20:56
@catenacyber catenacyber mentioned this pull request Mar 20, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Mar 20, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 98.24561% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 82.78%. Comparing base (7d937db) to head (06df11b).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10680      +/-   ##
==========================================
+ Coverage   82.69%   82.78%   +0.09%     
==========================================
  Files         926      914      -12     
  Lines      247637   247288     -349     
==========================================
- Hits       204790   204724      -66     
+ Misses      42847    42564     -283
Flag Coverage Δ
fuzzcorpus 64.33% <83.33%> (+0.28%) ⬆️
suricata-verify 61.96% <98.24%> (-0.02%) ⬇️
unittests 62.27% <42.98%> (+0.08%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 19768

victorjulien
victorjulien reviewed Mar 25, 2024
View reviewed changes
src/output.c
return TM_ECODE_FAILED;
}

static int JsonGenericDirPacketLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the removal of files, but I don't like how we now have all these protocol specific functions here. It feels like a step backwards. What is the purpose of it? Do have have some next step in mind where it can be registered from the parsers directly?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean the ones like OutputSIPLogInitSub ?

This OutputSIPLogInitSub currently lives in output-json-sip.c on the master branch.
Would you like to keep output-json-sip.c just to have this OutputSIPLogInitSub ?
Or would you like the calls to AppLayerParserRegisterLogger to be moved in rust/src/sip ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just pushed a draft commit on top to show the second possibility

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do like the second possibility more. I'd rather see less JSON stuff in output.c than more, as they should be at different levels of abstraction that got a little messy at some point.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok doing in next PR

@catenacyber catenacyber marked this pull request as draft March 25, 2024 20:26
@catenacyber catenacyber force-pushed the output-alert-applayer-v26 branch from 44645a5 to 06df11b Compare March 25, 2024 20:27
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 19817

@jasonish
Copy link
Member

Is this also preliminary work for https://redmine.openinfosecfoundation.org/issues/4683? Just was looking at programmatically registering a batch of keywords that differ in just a flag, and what would be very useful.

@catenacyber
Copy link
Contributor Author

Is this also preliminary work for https://redmine.openinfosecfoundation.org/issues/4683? Just was looking at programmatically registering a batch of keywords that differ in just a flag, and what would be very useful.

I also have commits for https://redmine.openinfosecfoundation.org/issues/4683 but I indeed focus on this first

@catenacyber catenacyber mentioned this pull request Mar 28, 2024
Closed
@catenacyber
Copy link
Contributor Author

Replaced by #10732

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@jasonish jasonish jasonish left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@catenacyber @suricata-qa @jasonish @victorjulien