Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App-layer plugin preliminary work 5053 v2.4 #11426

Closed
wants to merge 4 commits into from
Closed

App-layer plugin preliminary work 5053 v2.4 #11426

wants to merge 4 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
Preliminary work for https://redmine.openinfosecfoundation.org/issues/5053

Describe changes:

  • get ready to use dynamic number of app-layer protos for some global arrays : run modes and output

Small PR good in itself.

#11373 next round
Based on #11425 to get green CI :-p

Still more work to do : I guess stack allocated arrays are fine, but the global variables cf git grep '\[ALPROTO_MAX' in

  • app-layer-detect-proto.c
  • app-layer-frames.c
  • app-layer-parser.c
  • app-layer-protos.c
  • app-layer.c
    need to be allocated and freed, with taking care of the initialization order, so that we know ALPROTO_MAX final value...

@catenacyber
util/thash: decrease memuse if array was allocated
e4c20d0 
THashInitConfig may not allocate array and increase memuse.
Such a failure leads to THashShutdown which should not decrease
the memuse.

Ticket: 7135
@catenacyber
runmodes: use dynamic number of app-layer protos
61e8398 
Ticket: 5053
@catenacyber
output/tx: use dynamic number of app-layer protos
9c45c58 
Ticket: 5053
@catenacyber
output: use dynamic number of app-layer protos
e2826d8 
Ticket: 5053
@catenacyber catenacyber requested a review from victorjulien as a code owner July 4, 2024 13:37
victorjulien
victorjulien reviewed Jul 4, 2024
View reviewed changes
src/output.c
@@ -917,7 +972,7 @@ static int JsonGenericLogger(ThreadVars *tv, void *thread_data, const Packet *p,
}

const char *name;
switch (al->proto) {
switch (f->proto) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of doing this at runtime, can we do it at init time and store the result in EveJsonSimpleAppLayerLogger?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice idea :-)

victorjulien
victorjulien reviewed Jul 4, 2024
View reviewed changes
src/output.c
FatalError("Failed to allocate simple_json_applayer_loggers");
}
// ALPROTO_HTTP1 special: uses some options flags
RegisterSimpleJsonApplayerLogger(ALPROTO_FTP, EveFTPLogCommand);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we move these into the respective parsers?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the end, we want to.

But this is not obvious now : when the respective parsers register themselves, we do not know yet ALPROTO_MAX

So, I would like to keep this for a later PR...

@catenacyber catenacyber mentioned this pull request Jul 4, 2024
Closed
@catenacyber
Copy link
Contributor Author

Continued in #11429

@catenacyber catenacyber closed this Jul 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @victorjulien