Task #4095

open

tracking: unify rule keyword value parsing

Added by Victor Julien over 3 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label:

Description

Most keywords have their own parsing logic. There are a lot of overlaps between them, so it should be possible to unify them.

High level:
- many keywords use a comma separated list of key value pairs
- there are several keywords that take a single int
- there are several keywords taking an int or a range (dsize)
- ...

The idea here is to define the major classes of keywords so we can unify the parsing. The new parsing should be done in Rust (#3195 / #3317).

We'd need a ticket per class with the details.


Subtasks 1 (0 open, 1 closed)

Optimization #4112: Use generic rust DetectU32Data in every keyword needing this (Closed, Philippe Antoine)

Related issues 2 (2 open, 0 closed)

Related to Suricata - Task #3195: tracking: rustify all input (New, OISF Dev)
Related to Suricata - Feature #3317: rules: use rust for tokenizing rules (Feedback, Jason Ish)
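
The value classes listed in the description, sketched as an added Rust example (not part of the ticket and not Suricata's code): one std-only parser each for a single integer, an integer or range in dsize-like syntax, and a comma separated key/value list. The type and function names, the min < max range check, the whitespace key/value separator and the duplicate-key rejection are assumptions of this sketch; the sample values are constructed.

```rust
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub enum UintSpec { Eq(u32), Lt(u32), Gt(u32), Range(u32, u32) }
#[derive(Debug, PartialEq)]
pub enum ParseError { BadNumber, BadRange, BadPair, DuplicateKey }

// Class "single int": digits only, so "", "+5", "-1", "0x10" and overflow all fail.
pub fn parse_u32(s: &str) -> Result<u32, ParseError> {
    let s = s.trim();
    if !s.bytes().all(|b| b.is_ascii_digit()) { return Err(ParseError::BadNumber); }
    s.parse().map_err(|_| ParseError::BadNumber)
}

// Class "int or range" (dsize-like): "300", "<300", ">300", "300<>400".
// Assumption of this sketch: a range must satisfy min < max.
pub fn parse_u32_spec(s: &str) -> Result<UintSpec, ParseError> {
    let s = s.trim();
    if let Some((lo, hi)) = s.split_once("<>") {
        let (lo, hi) = (parse_u32(lo)?, parse_u32(hi)?);
        if lo >= hi { return Err(ParseError::BadRange); }
        return Ok(UintSpec::Range(lo, hi));
    }
    if let Some(r) = s.strip_prefix('<') { return parse_u32(r).map(UintSpec::Lt); }
    if let Some(r) = s.strip_prefix('>') { return parse_u32(r).map(UintSpec::Gt); }
    parse_u32(s).map(UintSpec::Eq)
}

// Class "comma separated key value pairs". Assumptions: key and value are
// separated by whitespace, and a repeated key is an error (not last-one-wins).
pub fn parse_kv_list(s: &str) -> Result<BTreeMap<String, String>, ParseError> {
    let mut out = BTreeMap::new();
    for item in s.split(',') {
        let mut p = item.split_whitespace();
        let (k, v) = match (p.next(), p.next(), p.next()) {
            (Some(k), Some(v), None) => (k, v),
            _ => return Err(ParseError::BadPair),
        };
        if out.insert(k.to_ascii_lowercase(), v.to_string()).is_some() {
            return Err(ParseError::DuplicateKey);
        }
    }
    Ok(out)
}

fn main() { // constructed sample values, not taken from a real ruleset
    for v in ["300", "300<>400", "400<>300", "+5"] { println!("{:?}", parse_u32_spec(v)); }
    println!("{:?}", parse_kv_list("track by_src, count 5, seconds 60"));
}
```

Sharing one strict parser per class means every keyword in that class rejects the same malformed values, so a mistyped rule option fails at load time instead of being interpreted differently from keyword to keyword.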

#1

Updated by Victor Julien over 3 years ago

  • Description updated (diff)

#2

Updated by Victor Julien over 3 years ago

  • Related to Task #3195: tracking: rustify all input added

#3

Updated by Victor Julien over 3 years ago

  • Related to Feature #3317: rules: use rust for tokenizing rules added

#4

Updated by Victor Julien over 3 years ago

  • Subject changed from rules: unify keyword value parsing to tracking: unify rule keyword value parsing