Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[draft] plugins: ndpi stub plugin - v1 #11970

Closed
wants to merge 7 commits into from
Closed

[draft] plugins: ndpi stub plugin - v1 #11970

wants to merge 7 commits into from

Conversation

jasonish
Copy link
Member

Example/stub plugin for nDPI. Utilizes new features from PR #11969.

This was referenced Oct 15, 2024
Closed
Closed
@codecov Codecov
Copy link

codecov bot commented Oct 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 62.30769% with 98 lines in your changes missing coverage. Please review.

Project coverage is 79.27%. Comparing base (55b922c) to head (28de229).
Report is 46 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11970      +/-   ##
==========================================
- Coverage   82.75%   79.27%   -3.48%     
==========================================
  Files         910      913       +3     
  Lines      249016   258219    +9203     
==========================================
- Hits       206069   204709    -1360     
- Misses      42947    53510   +10563
Flag Coverage Δ
fuzzcorpus 60.29% <28.57%> (-0.52%) ⬇️
livemode 19.39% <18.45%> (+0.68%) ⬆️
pcap 44.42% <30.35%> (+0.29%) ⬆️
suricata-verify ?
unittests 59.27% <44.23%> (+0.26%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23118

@jasonish
flow: add callbacks for flow init and flow updates
aae3bf8 
Adds user registerable callbacks for flow initialization, flow
update and flow finish.

Some plugins, such as other DPI libraries like nDPI need a way to hook
into these flow lifecycle events.

Ticket: OISF#7319
Ticket: OISF#7320
@jasonish
threads: add storage api, based on flow storage
bbeb9f8
@jasonish
threads: add initialization callbacks
34c3ac3 
For library users and plugins that need to hook into the thread life
cycle, perhaps to initialize some thread storage.
@jasonish
eve: user callbacks for adding additional data
a34e5a9 
Provide a way for library/plugin users to register a callback that
will be called prior to an EVE record being closed. The callback will
be passed ThreadVars, Packet, and Flow pointers if available, as well
as private user data.
@jasonish
examples/plugin: update to find generated rust header
78f09d4 
Needed for changes to output-eve.h.
@jasonish
detect: break apart sigtable setup and initialization
ff88c47 
Allows initialization to be done early, so the table is ready for
dynamic registration by plugins which are loaded before signature
setup.
@jasonish
Copy link
Member Author

Updated with example of rule keyword registrations.

@jasonish
plugins/ndpi: stub in dummy ndpi plugin
28de229 
This plugin stub shows how a plugin like nDPI might be use the flow
init and flow update callbacks to do its work. Also shows usage of
FlowStorage to avoid modifying the Flow struct directly.
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23134

@jasonish
Copy link
Member Author

jasonish commented Nov 6, 2024

Actual plugin now. #12092

@jasonish jasonish closed this Nov 6, 2024
@jasonish jasonish deleted the ndpi-plugin-stub/v1 branch November 14, 2024 08:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien will be requested when the pull request is marked ready for review victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonish @suricata-qa