-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP protocol parser v2 #11087
LDAP protocol parser v2 #11087
Conversation
This implementation adds types and filters specified in the LDAP RFC to work with the ldap_parser. Although using the parser directly would be best, strange behavior has been observed during transaction logging. It appears that C pointers are being overwritten, leading to incorrect output when LDAP fields are logged.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #11087 +/- ##
===========================================
+ Coverage 64.19% 80.53% +16.33%
===========================================
Files 847 926 +79
Lines 136684 251175 +114491
===========================================
+ Hits 87750 202276 +114526
+ Misses 48934 48899 -35
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think this is very interesting work. Can you add SV tests to your next PR? Think that would be one to consider for merge.
} | ||
} | ||
|
||
unsafe extern "C" fn rs_ldap_probing_parser( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we use a new style for these FFI functions SCLdapProbingParser
(so the C-style).
Replaced with #11163 |
Make sure these boxes are signed before submitting your Pull Request -- thank you.
https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
https://redmine.openinfosecfoundation.org/projects/suricata/issues
(if applicable)
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
Describe changes:
Abandon Request
because apparently is not parsed correctly (see Abandon request not parsed correctly? rusticata/ldap-parser#6)