Project

General

Profile

Actions

Feature #4153

open

Task #4772: tracking: parity between fields logged and fields available for detection

app-layer: rust derive style macros to generate common code

Added by Jason Ish almost 4 years ago. Updated 4 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Subtasks 1 (0 open1 closed)

Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macroClosedJason IshActions

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #5642: DNS: parity between log fields and detectionAssignedJason IshActions
Blocks Suricata - Story #6597: rules: improve rules keyword/output parityNewVictor JulienActions
Actions #1

Updated by Jason Ish almost 4 years ago

  • Related to Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro added
Actions #2

Updated by Victor Julien almost 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Jason Ish
Actions #3

Updated by Jason Ish almost 3 years ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1

Retargetting parent task to 8.0beta1 as I don't see moving anything existing to a derive macro for 7.

Actions #4

Updated by Philippe Antoine 12 months ago

And logging and detection ;-)

Actions #5

Updated by Victor Julien 5 months ago ยท Edited

One idea Jason has is to structure the structures such that we could use serde serialize to generate the output. Then the per field derive annotation could take care of the keyword registration.

Actions #6

Updated by Victor Julien 5 months ago

  • Related to Feature #5642: DNS: parity between log fields and detection added
Actions #7

Updated by Victor Julien 4 months ago

  • Subject changed from Rust parsers: Make use of Rust derive style macros to generate common code in parsers to app-layer: rust derive style macros to generate common code
  • Parent task set to #4772
Actions #8

Updated by Victor Julien 4 months ago

  • Blocks Story #6597: rules: improve rules keyword/output parity added
Actions

Also available in: Atom PDF