Project

General

Profile

Actions

Task #4095

open

tracking: unify rule keyword value parsing

Added by Victor Julien about 4 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Most keywords have their own parsing logic. There are a lot of overlaps between them, so it should be possible to unify them.

High level:
- many keywords use a comma separated list of key value pairs
- there are several keywords that take a single int
- there are several keywords taking an int or a range (dsize)
- ...

Idea here to define the major classes of keywords so we can unify the parsing. The new parsing should be done in rust (#3195 / #3317)

We'd need a ticket per class with the details.


Subtasks 1 (0 open1 closed)

Optimization #4112: Use generic rust DetectU32Data in every keyword needing thisClosedPhilippe AntoineActions

Related issues 2 (2 open0 closed)

Related to Suricata - Task #3195: tracking: rustify all inputNewOISF DevActions
Related to Suricata - Feature #3317: rules: use rust for tokenizing rulesFeedbackJason IshActions
Actions

Also available in: Atom PDF