Applayer plugin 5053 v8 #12455
Applayer plugin 5053 v8 #12455
Conversation
and use generic logger callback prototype with later cast and do some other small modifications so that the plugin has less diff
make should rerun cbindgen if cbindgen.toml is modified
Just use a regular compile time rust export, instead of having a runtime definition through the SuricataContext structure
so that it can be used by plugins Avoid export by cbindgen as this constant is also defined in C
so that it can be used by plugins that want to call SCLogError and such
so that they can be used by rust plugins
when compiling without unit tests detect-transform-base64.c:47:9: warning: macro is not used [-Wunused-macros] 47 | #define DETECT_TRANSFORM_FROM_BASE64_MODE_DEFAULT (uint8_t) Base64ModeRFC4648
JsonBuilder struct should not be made public because it is not repr(C), and thus cannot be used as such by plugins, because rust compiler does nots guarantee struct layout if we do not use a fixed representation. Also define a generic standard prototype for EveJsonSimpleTxLogFunc and enfore it without cast for every function, each function taking care of casting to its specific transaction type.
Ticket: 7151 Ticket: 7152 Ticket: 7154
Ticket: 7149 Ticket: 7150 Ticket: 7153
catenacyber
requested review from
jufajardini,
victorjulien,
jasonish and
a team
as code owners
|
ERROR: ERROR: QA failed on build_asan. Pipeline 24329 |
| // JsonBuilder should not be made public outside the crate as it is not repr(C) | ||
| #[derive(Debug, Clone)] | ||
| pub struct JsonBuilder { | ||
| pub(crate) struct JsonBuilder { |
There was a problem hiding this comment.
Might not be the only case case for Suricata as a library. Could have a Rust crate pulling Suricata for utility reasons and need access.
There was a problem hiding this comment.
Indeed, but how do you propose to avoid the pitfall that some plugin use suricata crate JsonBuilder instead of using the suricata runtime one ? Just rely on docs ?
There was a problem hiding this comment.
Probably through documentation. I'm not too keen on artificially limiting the usefulness of the library to protect users of just one use case.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12455 +/- ##
==========================================
+ Coverage 80.63% 80.66% +0.03%
==========================================
Files 920 920
Lines 258704 259125 +421
==========================================
+ Hits 208595 209033 +438
+ Misses 50109 50092 -17
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Replaced by #12465 |
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/4102 with all 6 subtickets
Describe changes:
@jufajardini what do you think about the doc ?
Jason told me this fits the tickets
#12448 using suricata as a crate by the plugin
Draft:
pubcf last commit about Websocketcc @jasonish