ftp: begin conversion process to Rust. #12523

Open: wants to merge 3 commits into base: master

jlucovsky
Contributor

Continuation of #12522

ftp: Partial conversion of the FTP protocol parser to Rust.

This PR represents partial completion of issue 4082.

Link to ticket: https://redmine.openinfosecfoundation.org/issues/4082

Describe changes:

  • FTP enumerations moved to Rust
  • FTP command handling moved to Rust (FtpTransferCmd, FtpRequestCommand)
  • FTP configuration file interaction moved to Rust (note behavioral change below)
  • ftp.command sticky buffer and FTP output logic updated

Updates:

  • Replace SCLogNotice call on the output path with SCLogDebug

Behavioral change

Previous versions of Suricata terminated execution if ftp.memcap contained an invalid value. An error message was displayed before exiting. The changes in this PR continue to print the error message in this case; instead of terminating Suricata, Suricata will continue execution and use a value of 0 for ftp.memcap. This is noted in the upgrade notes.

Provide values to any of the below to override the defaults.

  • To use an LibHTP, Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

As part of the effort to convert the FTP/FTPDATA parser to Rust, move
the enums from C to Rust.
Issue: 4082

This command moves the FtpTransferCmd and FtpCommand to Rust.

Due to the way commands are noted in the transactions, the logic in the
sticky buffer ftp.command and the ftp json output functions was updated.
Issue: 4082

Move the configuration file handling to Rust.

These changes will no longer terminate Suricata when there's an invalid
value for ftp.memcap. Like earlier Suricata releases, an error message
is logged "Invalid value <value> for ftp.memcap" but Suricata will no
longer terminate execution. It will use a default value of "0" instead.

codecov bot commented Feb 2, 2025

Codecov Report

Attention: Patch coverage is 89.16667% with 13 lines in your changes missing coverage. Please review.

Project coverage is 80.69%. Comparing base (cbda276) to head (5491223).
Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12523      +/-   ##
==========================================
- Coverage   80.70%   80.69%   -0.01%     
==========================================
  Files         925      926       +1     
  Lines      258914   258968      +54     
==========================================
+ Hits       208949   208976      +27     
- Misses      49965    49992      +27     
Flag Coverage Δ
fuzzcorpus 56.84% <77.77%> (+0.02%) ⬆️
livemode 19.41% <28.20%> (+<0.01%) ⬆️
pcap 44.22% <78.63%> (+<0.01%) ⬆️
suricata-verify 63.39% <89.16%> (-0.01%) ⬇️
unittests 58.37% <29.91%> (-0.01%) ⬇️


@suricata-qa

Information: QA ran without warnings.

Pipeline 24543

@jlucovsky jlucovsky self-assigned this Feb 2, 2025
@jlucovsky jlucovsky requested a review from catenacyber February 2, 2025 22:54
*memcap = v;
SCLogConfig!("FTP memcap: {}", v);
} else {
SCLogError!("Invalid value {} for ftp.memcap", val);
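Review bot: In the else branch, the SCLogError! call is the only handling of an unparseable ftp.memcap visible in these lines, so the value Suricata ends up using depends on whatever *memcap held before this block. Consider assigning the fallback explicitly in that branch (the PR description says 0) so the documented behaviour does not rely on the caller's initialisation, and cover the invalid-value path with a test.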
Member

For these can we add a bit more info..

Invalid value {} for ftp.memcap, will use default of ??

And since nothing errors out, perhaps a warning instead?

Contributor Author

Good idea. I'll add an s-v test to validate the parsing and warning message output
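
The fallback behaviour described in the PR and the message wording suggested in the review, as an added example that is not code from this pull request or from Suricata. The names `parse_size`, `resolve_memcap` and `FTP_MEMCAP_DEFAULT` and the accepted size grammar (digits with an optional kb/mb/gb suffix) are assumptions made for illustration.

```rust
// Added illustration; not Suricata's code. Names and suffix rules are assumptions.

/// Fallback used when ftp.memcap cannot be parsed (the PR description states 0).
const FTP_MEMCAP_DEFAULT: u64 = 0;

/// Parse a size such as "1048576", "64kb", "64 MB" or "1gb" into bytes.
/// Assumed grammar: decimal digits, optional spaces, optional kb/mb/gb suffix.
fn parse_size(input: &str) -> Option<u64> {
    let s = input.trim().to_ascii_lowercase();
    let digits_end = s.find(|c: char| !c.is_ascii_digit()).unwrap_or(s.len());
    let (num, suffix) = s.split_at(digits_end);
    let value: u64 = num.parse().ok()?; // rejects "", "-1" and values above u64::MAX
    let shift: u32 = match suffix.trim() {
        "" => 0,
        "kb" => 10,
        "mb" => 20,
        "gb" => 30,
        _ => return None, // unknown unit, e.g. "64mbb"
    };
    value.checked_mul(1u64 << shift) // None on overflow instead of wrapping
}

/// Resolve the configured value. Returns the memcap to use and, for invalid
/// input, the warning text to log, which names the fallback explicitly.
fn resolve_memcap(configured: Option<&str>) -> (u64, Option<String>) {
    match configured {
        None => (FTP_MEMCAP_DEFAULT, None), // option absent: not an error
        Some(val) => match parse_size(val) {
            Some(v) => (v, None),
            None => (
                FTP_MEMCAP_DEFAULT,
                Some(format!(
                    "Invalid value {} for ftp.memcap, will use default of {}",
                    val, FTP_MEMCAP_DEFAULT
                )),
            ),
        },
    }
}

fn main() {
    // Constructed sample values, not taken from a real configuration.
    for val in ["64mb", "1048576", "64mbb", "-1", "99999999999999999999gb"] {
        let (memcap, warning) = resolve_memcap(Some(val));
        println!("{:>24} -> {} {:?}", val, memcap, warning);
    }
}
```

Returning the warning text alongside the value lets a test assert both the fallback and the exact message without capturing log output.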
