Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect: add vlan.id keyword - v9 #12360

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

detect: add vlan.id keyword - v9 #12360

wants to merge 2 commits into from

Conversation

AkakiAlice
Copy link
Contributor

@AkakiAlice AkakiAlice commented Jan 8, 2025
edited
Loading

Ticket: #1065

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/1065

Description:

  • introduce vlan.id and vlan.layers keywords

Changes:

  • rename detect-vlan-id.c/.h to detect-vlan.c/.h
  • rename vlan_id.rs to vlan.rs
  • rename branch from detect-vlan-id-1065-v9 to detect-vlan-1065-v9

vlan-keywords.rst:

  • replace table with text: line 29
  • change the description of default and any in the table from "Match all layers" to "Match with any layer": line 39, line43
  • add ilustration that shows how indexing works for vlan.id: line 46
  • document vlan.layers: line 87

detect-vlan.c:

  • replace SIG_MASK_REQUIRE_FLOW with SIG_MASK_REQUIRE_REAL_PKT: line 123
  • implement vlan.layers: line 208

vlan.rs:

  • add comments for DetectVlanIdData struct: line 29

SV_BRANCH=OISF/suricata-verify#2222
Previous PR: #12333

@AkakiAlice
detect: add vlan.id keyword
da8f4d5 
vlan.id matches on Virtual Local Area Network IDs
It is an unsigned 16-bit integer
Valid range = [1-4094]
Supports prefiltering

Ticket: OISF#1065
@AkakiAlice
detect: add vlan.layers keyword
fa23564 
vlan.layers matches on the number of VLAN layers per packet
It is an unsigned 8-bit integer
Valid range = [0-3]
Supports prefiltering

Ticket: OISF#1065
@AkakiAlice AkakiAlice force-pushed the detect-vlan-1065-v9 branch from 20c5fcf to fa23564 Compare January 8, 2025 22:40
@AkakiAlice AkakiAlice mentioned this pull request Jan 8, 2025
Closed
5 tasks
@codecov Codecov
Copy link

codecov bot commented Jan 8, 2025

Codecov Report

Attention: Patch coverage is 88.84462% with 28 lines in your changes missing coverage. Please review.

Project coverage is 83.26%. Comparing base (def22fa) to head (fa23564).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12360      +/-   ##
==========================================
+ Coverage   83.23%   83.26%   +0.02%     
==========================================
  Files         912      914       +2     
  Lines      257647   257897     +250     
==========================================
+ Hits       214450   214726     +276     
+ Misses      43197    43171      -26
Flag Coverage Δ
fuzzcorpus 61.23% <13.42%> (+0.01%) ⬆️
livemode 19.39% <13.42%> (-0.01%) ⬇️
pcap 44.41% <13.42%> (+0.01%) ⬆️
suricata-verify 62.87% <77.85%> (+0.01%) ⬆️
unittests 59.18% <56.17%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

catenacyber
catenacyber requested changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Alice, nice work, but some typos to fix in doc

CI : 🟢
Code : cool
Commits segmentation : ok
Commit messages : nice, Valid range = [1-4094] is it not 4096 ?
Git ID set : looks fine for me
CLA : you already contributed
Doc update : typos ⚠️
Redmine ticket : ok
Rustfmt : ok
Tests : ok cool
Dependencies added: none

catenacyber
catenacyber reviewed Jan 9, 2025
View reviewed changes
rust/src/detect/vlan.rs
#[derive(Debug, PartialEq)]
pub struct DetectVlanIdData {
pub du16: DetectUintData<u16>, // vlan id
pub layer: i8, // vlan layer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Victor wants more a comment explaining, that this can be DETECT_VLAN_ID_ANY or DETECT_VLAN_ID_ALL or negative index to match from the end...

catenacyber
catenacyber reviewed Jan 9, 2025
View reviewed changes
rust/src/detect/mod.rs
@@ -37,7 +38,9 @@ use std::os::raw::{c_int, c_void};
/// derive StringEnum.
pub trait EnumString<T> {
/// Return the enum variant of the given numeric value.
fn from_u(v: T) -> Option<Self> where Self: Sized;
fn from_u(v: T) -> Option<Self>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should rustfmt this file into its own commit

catenacyber
catenacyber reviewed Jan 9, 2025
View reviewed changes
rust/src/detect/vlan.rs
DETECT_VLAN_ID_ANY
} else {
let u8_layer = i8::from_str(parts[1]).ok()?;
if !(-3..=VLAN_MAX_LAYER_IDX).contains(&u8_layer) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we say !(-VLAN_MAX_LAYERS..= VLAN_MAX_LAYERS-1).contains(&u8_layer)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber requested changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AkakiAlice @catenacyber