suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

enip: convert to rust

Open catenacyber opened this issue 10 months ago • 4 comments

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/3958

Describe changes:

  • convert enip parser to rust

Alon the way, also

  • transactions are now bidirectional
  • there is a enip logger
  • gap support is improved with probing for resync
  • frames
  • events
  • enip_command keyword accepts now string enumeration as values.
  • more keywords, to have parity with logging

#10850 with needed rebase

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1666

catenacyber avatar Apr 18 '24 12:04 catenacyber

Codecov Report

Attention: Patch coverage is 43.60902% with 1950 lines in your changes are missing coverage. Please review.

Project coverage is 82.17%. Comparing base (2b4e102) to head (2321978).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10901      +/-   ##
==========================================
+ Coverage   77.64%   82.17%   +4.53%     
==========================================
  Files         922      941      +19     
  Lines      247806   250157    +2351     
==========================================
+ Hits       192400   205570   +13170     
+ Misses      55406    44587   -10819
Flag Coverage Δ
fuzzcorpus 63.35% <33.76%> (?)
suricata-verify 61.34% <38.80%> (-1.09%) :arrow_down:
unittests 61.65% <11.22%> (-0.56%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar Apr 18 '24 16:04 codecov[bot]

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

ERROR: QA failed on SURI_TLPW1_files_sha256.

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 138 145 105.07%
SURI_TLPR1_stats_chk
.uptime 644 693 107.61%

Pipeline 20220

suricata-qa avatar Apr 20 '24 21:04 suricata-qa

Not sure if possible, but wondering if we could have dedicated commits: Maybe:

  • one for docs

I do not like separating doc commits from the code changes needing the documentation... I do not think this was settled

  • one for logging and parsing (and schema?)
  • one for detection

Already existing keywords must be done within the same commit as parsing goes from c to rust...

  • one for new keywords added
  • replacement of C code with rust code into an independent commit

This is not independent : I add logging and parsing in rust, while moving away the C code...

  • maybe one for unittests removal, just to keep the change contained?

Interesting. Why so ?

Please ignore if this proposal doesn't make sense or would be too much work

This can be work... not sure if it is relevant...

catenacyber avatar Apr 23 '24 19:04 catenacyber

  • maybe one for unittests removal, just to keep the change contained?

Interesting. Why so ?

Looking again, I can't see what made me make this comment, please ignore. >__<'

Please ignore if this proposal doesn't make sense or would be too much work

This can be work... not sure if it is relevant...

In general I see that we try to break changes into smaller commits, so that's where this comes from. But I don't have a super strong opinion about this, yet...

jufajardini avatar Apr 25 '24 03:04 jufajardini

Continued in https://github.com/OISF/suricata/pull/11174

catenacyber avatar May 29 '24 11:05 catenacyber