Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Applayer plugin 5053 v3.3 #11701

Closed

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
Preliminary work for https://redmine.openinfosecfoundation.org/issues/5053

Describe changes:

  • get ready to use dynamic number of app-layer protos (also work with static constant) in some places
  • preventive fix of macro with parenthesis cc @jufajardini

#11572 next round

#11696 with clean git history and green CI

Still more work to do after :
Only AppProtoStrings is to be handled, but it is the big one.

And then take remaining commits out of #11321
And supply an example of an app-layer plugin

instead of a global variable.

For easier initialization with dynamic number of protocols
for expectation_proto

Ticket: 5053
Ticket: 5053

delay after initialization so that StringToAppProto works
so that we can use safely EXCEPTION_POLICY_MAX*sizeof(x)
Copy link

codecov bot commented Sep 2, 2024

Codecov Report

Attention: Patch coverage is 88.70293% with 27 lines in your changes missing coverage. Please review.

Project coverage is 82.43%. Comparing base (685baa9) to head (ede8d95).
Report is 15 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11701      +/-   ##
==========================================
- Coverage   82.63%   82.43%   -0.21%     
==========================================
  Files         919      919              
  Lines      248925   248932       +7     
==========================================
- Hits       205703   205208     -495     
- Misses      43222    43724     +502     
Flag Coverage Δ
fuzzcorpus 60.06% <79.32%> (-0.82%) ⬇️
livemode 18.72% <57.80%> (+<0.01%) ⬆️
pcap 44.12% <76.37%> (-0.02%) ⬇️
suricata-verify 61.85% <88.18%> (-0.03%) ⬇️
unittests 59.01% <55.23%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

ERROR:

ERROR: QA failed on SURI_TLPR1_alerts_cmp.

Pipeline 22322

Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't manage to review everything, leaving minor comments.

(the inversion protomap<->alproto for app-layer is mind fogging 😅 )

Comment on lines +1726 to +1731
FatalError("Unable to alloc alproto_names.");
}
// to realloc when dynamic protos are added
alpd_ctx.expectation_proto = SCCalloc(ALPROTO_MAX, sizeof(uint8_t));
if (unlikely(alpd_ctx.expectation_proto == NULL)) {
FatalError("Unable to alloc expectation_proto.");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these errors have some more user-friendly part?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How so ?
This is a unique message showing clearly the problem, is it not ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I guess, maybe. One could always copy the error and share that with us, as many users probably wouldn't try to fix something like that...

Comment on lines +242 to +244
DEBUG_VALIDATE_BUG_ON((int64_t)(SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts)) < INT32_MIN ||
(int64_t)(SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts)) > INT32_MAX);
int32_t age = (int32_t)(SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is repeated a few times, couldn't it be wrapped in a function?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, this commit should not be in this PR

@@ -74,7 +74,7 @@ enum {
FLOW_PROTO_MAX,
};
/* max used in app-layer (counters) */
#define FLOW_PROTO_APPLAYER_MAX FLOW_PROTO_UDP + 1
#define FLOW_PROTO_APPLAYER_MAX (FLOW_PROTO_UDP + 1)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: shouldn't this one be part of c32bc61 :P

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both are possible.
As a matter of facts, I did c32bc61 after finding this parenthesis addition was needed for 897b6606e4ae116337ce9899d34c7ab9c6a14fda

@catenacyber
Copy link
Contributor Author

(the inversion protomap<->alproto for app-layer is mind fogging 😅 )

Do you have a better C way to do this ?

@catenacyber
Copy link
Contributor Author

Next in #11795

@jufajardini
Copy link
Contributor

(the inversion protomap<->alproto for app-layer is mind fogging 😅 )

Do you have a better C way to do this ?

Nothing that comes easily. Was just a silly comment.

@catenacyber
Copy link
Contributor Author

(the inversion protomap<->alproto for app-layer is mind fogging 😅 )

Do you have a better C way to do this ?

Nothing that comes easily. Was just a silly comment.

Not silly, I felt the pain, but found no other way...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants