Skip to content

Detect list rule proto 635 v1 #14380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Detect list rule proto 635 v1 #14380

wants to merge 2 commits into from
+106 −49

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Nov 27, 2025

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/635

Describe changes:

  • New command line option --list-rule-protos to show tcp-pkt and other

@catenacyber catenacyber force-pushed the detect-list-rule-proto-635-v1 branch from 9551c67 to 617d5d7 Compare November 27, 2025 14:32
@catenacyber
Copy link
Contributor Author

catenacyber commented Nov 27, 2025

Force-pushed rust bindings update

@catenacyber
detect: rewrite DetectProtoParse
4e36d95 
To use an array, instead of hard-coded values.
Opens the path to list the rule protocols

Ticket: 635
@catenacyber
detect: new command line option : list-rule-protos
b479345 
To list the protocols we can use a in a rule header

Ticket: 635
@catenacyber catenacyber force-pushed the detect-list-rule-proto-635-v1 branch from 617d5d7 to b479345 Compare November 27, 2025 16:21
@codecov
Copy link

codecov bot commented Nov 27, 2025

Codecov Report

❌ Patch coverage is 95.45455% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.18%. Comparing base (459e259) to head (b479345).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14380      +/-   ##
==========================================
- Coverage   84.19%   84.18%   -0.02%     
==========================================
  Files        1012     1012              
  Lines      261796   261793       -3     
==========================================
- Hits       220414   220380      -34     
- Misses      41382    41413      +31
Flag Coverage Δ
fuzzcorpus 63.27% <29.54%> (-0.01%) ⬇️
livemode 18.77% <34.09%> (+0.02%) ⬆️
pcap 44.64% <36.36%> (+0.02%) ⬆️
suricata-verify 64.95% <38.63%> (-0.03%) ⬇️
unittests 59.21% <95.45%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Nov 27, 2025

Information: QA ran without warnings.

Pipeline = 28552

victorjulien
victorjulien reviewed Nov 28, 2025
View reviewed changes
src/detect-engine-proto.c

struct {
const char *name;
uint8_t proto;
Copy link
Member

@victorjulien victorjulien Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we make this an int and use -1 as not set? Technically 0 is a valid ip protocol number https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Copy link
Contributor Author

@catenacyber catenacyber Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok as long as one of the rule-proto keywords does not set it ;-)

@victorjulien victorjulien added this to the 9.0 milestone Dec 2, 2025
@victorjulien victorjulien mentioned this pull request Dec 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victorjulien victorjulien victorjulien approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

9.0

Development

Successfully merging this pull request may close these issues.

3 participants

@catenacyber @suricata-qa @victorjulien