Project

General

Profile

Actions

Optimization #4154

closed

Task #4772: tracking: parity between fields logged and fields available for detection

Feature #4153: app-layer: rust derive style macros to generate common code

Rust Parsers: Abstract AppLayer events to a derive macro

Added by Jason Ish about 4 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Most parsers duplicate code to deal with application layer events. Instead, a parser should be able to define the events in an enum and have the rest of the code generated via a derive macro.

For example, given an enum like:

#[derive(Debug, PartialEq, AppLayerEvent)]
pub enum DNSEvent {
    MalformedData,
    NotRequest,
    NotResponse,
    ZFlagSet,
}

the following utility functions will be generated:

  • from_id
  • as_i32
  • to_cstring
  • from_cstring
  • get_event_info
  • get_event_info_by_id
Actions

Also available in: Atom PDF