detect/ipopts: Multiple option support #10700

Closed

jlucovsky
Contributor

Continuation of #10688

Support multiple options.

This PR changes the IP option definitions from an enum into bit values so the values added during packet parsing are compared properly when evaluation with an IP option specified with ipopts occurs.

Link to redmine ticket: 6864

Describe changes:

  • Misc. cleanups
  • Move IPv4 option values to a bit mask
  • suricata-verify test to validate each option lacking coverage.

Updates:

  • Remove unneeded PCRE usage

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1722
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

Minor changes to improve readability, remove extraneous include files.
Issue: 6864

Multiple IP options were not handled properly as the values being OR'd
into the packet's ip option variable were enum values instead of bit
values.

Reduce complexity by eliminating the PCRE logic and adding a unittest to
validate null/empty string handling.
@suricata-qa

Information: QA ran without warnings.

Pipeline 19751

@jlucovsky
Contributor Author

Continued in #10741

@jlucovsky jlucovsky closed this Mar 31, 2024
@jlucovsky jlucovsky deleted the 6864/2 branch April 24, 2024 12:34
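
The failure mode this PR describes, OR'ing sequential enum values into a per-packet option word, is shown below as an added example; it is not code from the PR or from Suricata. The identifiers, the 16-bit word and the `has_opt` check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical identifiers for illustration; not Suricata's definitions. */
enum seq_opt { SEQ_EOL = 0, SEQ_NOP, SEQ_RR, SEQ_TS, SEQ_LSRR }; /* 0,1,2,3,4 */
enum bit_opt {
    BIT_EOL  = 1u << 0,
    BIT_NOP  = 1u << 1,
    BIT_RR   = 1u << 2,
    BIT_TS   = 1u << 3,
    BIT_LSRR = 1u << 4
};

/* Parser side: OR every option seen in the header into one per-packet word. */
static uint16_t accumulate(const unsigned *seen, size_t n)
{
    uint16_t word = 0;
    for (size_t i = 0; i < n; i++)
        word |= (uint16_t)seen[i];
    return word;
}

/* Rule side (assumed check): is the option named by the rule set in the word? */
static bool has_opt(uint16_t word, unsigned wanted)
{
    return (word & wanted) != 0;
}

int main(void)
{
    /* Constructed packet: the header carries NOP and RR, and no timestamp. */
    unsigned seq_pkt[] = { SEQ_NOP, SEQ_RR };
    unsigned bit_pkt[] = { BIT_NOP, BIT_RR };
    uint16_t s = accumulate(seq_pkt, 2);
    uint16_t b = accumulate(bit_pkt, 2);

    /* Sequential values: 1 | 2 == 3, which is also SEQ_TS, so a rule asking
     * for the timestamp option matches a packet that never carried it, and
     * SEQ_EOL (0) contributes nothing to the word at all. */
    printf("enum: word=0x%x ts=%d\n", (unsigned)s, has_opt(s, SEQ_TS));
    /* One bit per option: each option is tracked independently. */
    printf("bits: word=0x%x ts=%d rr=%d\n", (unsigned)b,
           has_opt(b, BIT_TS), has_opt(b, BIT_RR));
    return 0;
}
```

For detection coverage the sequential form fails in both directions: unrelated option combinations alias to a third option, and any option whose value is 0 can never be recorded.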