Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #4154

closed

Task #4772: tracking: parity between fields logged and fields available for detection

Feature #4153: app-layer: rust derive style macros to generate common code

Rust Parsers: Abstract AppLayer events to a derive macro

Added by Jason Ish almost 4 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

7.0.0-beta1

Effort:

Difficulty:

Label:

Description

Most parsers duplicate code to deal with application layer events. Instead, a parser should be able to define the events in an enum and have the rest of the code generated via a derive macro.

For example, given an enum like:

#[derive(Debug, PartialEq, AppLayerEvent)]
pub enum DNSEvent {
    MalformedData,
    NotRequest,
    NotResponse,
    ZFlagSet,
}

the following utility functions will be generated:

from_id
as_i32
to_cstring
from_cstring
get_event_info
get_event_info_by_id

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Optimization #4154

Rust Parsers: Abstract AppLayer events to a derive macro

Updated by Jason Ish almost 4 years ago

Updated by Jason Ish almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien about 3 years ago

Updated by Victor Julien about 3 years ago

Updated by Jason Ish about 3 years ago

Updated by Jason Ish about 3 years ago

Updated by Jason Ish about 3 years ago