Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/bytemath: Support out of order options #7509

Closed
wants to merge 1 commit into from
Closed

detect/bytemath: Support out of order options #7509

wants to merge 1 commit into from

Conversation

jlucovsky
Copy link
Contributor

This PR replaces the draft pr #7484.

The intent of this PR is to support arbitrary order options for byte_math. During the investigation phase, it was suggested that the parser be converted to Rust for simplification. Thus, the PCRE based parser for byte_math was removed and replaced with a Rust based parser. @jasonish's prototype rulers parser work helped guide this PR.

The C unittests were retained and many were added to the Rust based parser.

Issue: 5077

Link to redmine ticket: 5077

Describe changes:

  • Converts the PCRE based parser to Rust.
  • Adds unit tests to the new Rust modules
  • Removes the PCRE parser from detect-bytemath.c
  • Adjusts the C source modules to refer to the Rust definitions

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

@jlucovsky
detect/bytemath: Convert parser to Rust
be60031 
Issue: 5077

This commit
- Converts the PCRE based parser to Rust.
- Adds unit tests to the new Rust modules
- Removes the PCRE parser from detect-bytemath.c
- Adjusts the C source modules to refer to the Rust definitions
@jlucovsky jlucovsky requested review from victorjulien, jasonish and a team as code owners June 8, 2022 17:10
@jlucovsky jlucovsky mentioned this pull request Jun 8, 2022
Closed
@catenacyber
Copy link
Contributor

Looks nice, is it meant to have code reused for other keywords ?

@suricata-qa
Copy link

ERROR:

ERROR: QA failed on tlpr1_alerts_cmp.

Pipeline 7748

@jlucovsky
Copy link
Contributor Author

Yes, some of the prototype work from @jasonish was included in this PR.

@jlucovsky jlucovsky mentioned this pull request Jun 9, 2022
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #7516

@jlucovsky jlucovsky closed this Jun 9, 2022
@jlucovsky jlucovsky deleted the 5077/4 branch July 13, 2022 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@jlucovsky @catenacyber @suricata-qa