Skip to content

detect/vlan: move vlan.id code to generic integer #13908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

detect/vlan: move vlan.id code to generic integer #13908

wants to merge 2 commits into from
+176 −117

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7929

Describe changes:

  • detect/vlan: move vlan.id code to generic integer

catenacyber
catenacyber commented Sep 26, 2025
View reviewed changes
rust/src/nfs/detect.rs
) -> *mut DetectUintData<u32> {
let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
if let Ok(s) = ft_name.to_str() {
// TODO big composite type
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just removed a TODO that was done on my way

catenacyber
catenacyber commented Sep 26, 2025
View reviewed changes
src/detect-vlan.c
v->u8[1] = a->layer;
v->u16[2] = a->du16.arg1;
v->u16[3] = a->du16.arg2;
const DetectVlanIdDataPrefilter a = SCDetectVlanIdPrefilter(smctx);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if I should move more prefilter code to rust :

  • not export DetectVlanIdDataPrefilter to C
  • pass PrefilterPacketHeaderValue *v from C to rust as a slice of bytes that has at least 16 bytes

catenacyber
catenacyber commented Sep 26, 2025
View reviewed changes
rust/src/detect/vlan.rs
u8_layer
match a.index {
DetectUintIndex::All => {
// keep previous behavior that vlan.id: all matched only if there was vlan
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this ?

Alternative could be to change the newly (Suri9) added all modes :

We could have all that behaves like for vlan.id, and all0 that would match if everything is a match or if the list is empty...

@catenacyber
Copy link
Contributor Author

No new SV tests as, just exercising the existing detect-vlan-id

Not sure if it makes sense to add a check like vlan.id: 100, or_absent; which is now possible...

  • remark about all vs all1-all0

@catenacyber catenacyber marked this pull request as draft September 26, 2025 10:57
@catenacyber
Copy link
Contributor Author

Draft : waiting on feedback about the all vs all1-all0

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.uptime 652 632 96.93%

Pipeline = 27714

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.uptime 652 626 96.01%

Pipeline = 27727

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa