
enip: convert to rust #9844

Closed

Conversation

catenacyber
Contributor
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3958

Describe changes:

  • convert enip parser to rust

Along the way, also:

  • enip_command keyword now accepts a string enumeration as values.
  • transactions are now bidirectional
  • there is an enip logger
  • gap support is improved with probing for resync
  • SEQUENCE_ADDR_ITEM value is fixed to 0x8002 instead of 0xB002

#9824 with review taken into account, CI should be greener, JSON schema completed...

Draft; as is, this is not complete:

  • need better response/request association for bidirectional transactions
  • get CIP attributes by parsing deeper based on CIP service, and reuse that for the cip_service keyword
  • parse more, log more, add more keywords (enip.status)...
  • set an event on parsing error
  • use frames?
  • take a look into https://redmine.openinfosecfoundation.org/issues/6304

Provide values to any of the below to override the defaults.

SV_BRANCH=pr/1485

OISF/suricata-verify#1485

Ticket: 3958

- enip_command keyword now accepts a string enumeration as values.
- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- SEQUENCE_ADDR_ITEM value is fixed to 0x8002 instead of 0xB002
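As an added example (not the PR's code and not Suricata's own parser), here is a plain-Rust sketch of the two pieces the description touches: parsing the ENIP encapsulation header and Common Packet Format item list with the sequenced address item at its correct type ID 0x8002, and a probe function of the kind a gap-recovery resync would scan with. The command and item type constants are those of the ENIP/CIP specification; the byte stream is constructed by hand, and the probe heuristic (known command, zero options field, length within the encapsulation maximum) is my assumption about what a resync check looks like, not the PR's logic.

```rust
// Added example, not Suricata code: ENIP header + CPF item parsing and a
// probe-based resync. Constants follow the ENIP/CIP spec; the sample stream
// and the probe heuristic are assumptions made for this illustration.

/// ENIP encapsulation commands.
pub const CMD_NOP: u16 = 0x0000;
pub const CMD_LIST_SERVICES: u16 = 0x0004;
pub const CMD_LIST_IDENTITY: u16 = 0x0063;
pub const CMD_LIST_INTERFACES: u16 = 0x0064;
pub const CMD_REGISTER_SESSION: u16 = 0x0065;
pub const CMD_UNREGISTER_SESSION: u16 = 0x0066;
pub const CMD_SEND_RR_DATA: u16 = 0x006F;
pub const CMD_SEND_UNIT_DATA: u16 = 0x0070;

/// CPF item type IDs. The sequenced address item is 0x8002; 0xB002 is not a
/// defined item type, which is why the old constant never matched.
pub const ITEM_NULL_ADDR: u16 = 0x0000;
pub const ITEM_CONNECTED_ADDR: u16 = 0x00A1;
pub const ITEM_CONNECTED_DATA: u16 = 0x00B1;
pub const ITEM_UNCONNECTED_DATA: u16 = 0x00B2;
pub const ITEM_SOCKADDR_O2T: u16 = 0x8000;
pub const ITEM_SOCKADDR_T2O: u16 = 0x8001;
pub const ITEM_SEQUENCED_ADDR: u16 = 0x8002;

pub const ENIP_HEADER_LEN: usize = 24;
/// Largest encapsulated payload: 65535 minus the 24-byte header.
pub const ENIP_MAX_PAYLOAD: u16 = 65511;

fn u16_le(b: &[u8], off: usize) -> u16 { u16::from_le_bytes([b[off], b[off + 1]]) }
fn u32_le(b: &[u8], off: usize) -> u32 {
    u32::from_le_bytes([b[off], b[off + 1], b[off + 2], b[off + 3]])
}

#[derive(Debug, PartialEq)]
pub struct EnipHeader {
    pub command: u16,
    pub length: u16,
    pub session: u32,
    pub status: u32,
    pub sender_context: [u8; 8],
    pub options: u32,
}

/// Parse the fixed 24-byte encapsulation header (all fields little-endian).
pub fn parse_header(buf: &[u8]) -> Option<EnipHeader> {
    if buf.len() < ENIP_HEADER_LEN { return None; }
    let mut ctx = [0u8; 8];
    ctx.copy_from_slice(&buf[12..20]);
    Some(EnipHeader {
        command: u16_le(buf, 0), length: u16_le(buf, 2), session: u32_le(buf, 4),
        status: u32_le(buf, 8), sender_context: ctx, options: u32_le(buf, 20),
    })
}

pub fn is_known_command(cmd: u16) -> bool {
    matches!(cmd, CMD_NOP | CMD_LIST_SERVICES | CMD_LIST_IDENTITY | CMD_LIST_INTERFACES
        | CMD_REGISTER_SESSION | CMD_UNREGISTER_SESSION | CMD_SEND_RR_DATA | CMD_SEND_UNIT_DATA)
}

/// Probe heuristic (assumption): does `buf` start with a plausible header?
pub fn probe(buf: &[u8]) -> bool {
    match parse_header(buf) {
        Some(h) => is_known_command(h.command) && h.options == 0 && h.length <= ENIP_MAX_PAYLOAD,
        None => false,
    }
}

/// After a gap, find the first offset at which parsing can resume.
pub fn resync(buf: &[u8]) -> Option<usize> {
    if buf.len() < ENIP_HEADER_LEN { return None; }
    (0..=buf.len() - ENIP_HEADER_LEN).find(|&off| probe(&buf[off..]))
}

#[derive(Debug, PartialEq)]
pub struct CpfItem<'a> { pub type_id: u16, pub data: &'a [u8] }

/// CPF item list: u16 item count, then (u16 type id, u16 length, data) per item.
pub fn parse_cpf(buf: &[u8]) -> Option<Vec<CpfItem<'_>>> {
    if buf.len() < 2 { return None; }
    let count = u16_le(buf, 0) as usize;
    let mut off = 2;
    let mut items = Vec::with_capacity(count);
    for _ in 0..count {
        if buf.len() < off + 4 { return None; }
        let (type_id, len) = (u16_le(buf, off), u16_le(buf, off + 2) as usize);
        off += 4;
        if buf.len() < off + len { return None; }
        items.push(CpfItem { type_id, data: &buf[off..off + len] });
        off += len;
    }
    Some(items)
}

/// SendUnitData / SendRRData payload: interface handle (u32), timeout (u16), CPF list.
pub fn parse_send_unit_data(payload: &[u8]) -> Option<Vec<CpfItem<'_>>> {
    if payload.len() < 6 { return None; }
    parse_cpf(&payload[6..])
}

/// Sequenced address item body: connection id (u32) and sequence number (u32).
pub fn sequenced_address(item: &CpfItem) -> Option<(u32, u32)> {
    if item.type_id != ITEM_SEQUENCED_ADDR || item.data.len() != 8 { return None; }
    Some((u32_le(item.data, 0), u32_le(item.data, 4)))
}

/// Constructed sample: 3 junk bytes (tail of a segment lost to a gap) followed by a
/// SendUnitData carrying one sequenced address item and one connected data item.
pub fn sample_stream() -> Vec<u8> {
    let mut v = vec![0xDE, 0xAD, 0xBE];
    v.extend_from_slice(&[
        0x70, 0x00, 0x1C, 0x00, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00, 0x00, // cmd, len, session, status
        0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x00, 0x00, 0x00, // sender context, options
        0, 0, 0, 0, 0, 0, 0x02, 0x00, // interface handle, timeout, item count = 2
        0x02, 0x80, 0x08, 0x00, 0x44, 0x33, 0x22, 0x11, 0x01, 0x00, 0x00, 0x00, // 0x8002 item
        0xB1, 0x00, 0x04, 0x00, 0x0E, 0x02, 0x20, 0x01, // 0x00B1 item with 4 bytes of CIP
    ]);
    v
}

fn main() {
    let s = sample_stream();
    let off = resync(&s).expect("no ENIP header found");
    let h = parse_header(&s[off..]).unwrap();
    let items = parse_send_unit_data(&s[off + ENIP_HEADER_LEN..]).unwrap();
    println!("resync at {off}: {h:?}\nitems: {items:?}\nseq addr: {:?}", sequenced_address(&items[0]));
}
```

The probe deliberately does not require the whole payload to be present, since after a gap the header may be the only part of the message that has arrived; a real implementation would additionally bound the scan distance so a long run of junk cannot be walked byte by byte for every segment.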
@suricata-qa

Information: QA ran without warnings.

Pipeline 16649

@catenacyber catenacyber mentioned this pull request Nov 20, 2023
@catenacyber
Contributor Author

Replaced by #9848
