Skip to content

lua: convert ssh function into suricata.ssh lib #13013

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

lua: convert ssh function into suricata.ssh lib #13013

wants to merge 2 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7607

Describe changes:

  • lua: convert ssh function into suricata.ssh lib

SV_BRANCH=OISF/suricata-verify#2420

#12954 with doc improvements

catenacyber
catenacyber commented Apr 11, 2025
View reviewed changes
src/util-lua-ssh.c

return LuaPushStringBuffer(luastate, protocol, b_len);
}
struct LuaTx {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this all be rust ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if we have sufficient, or nice enough Lua abstractions for Rust yet. The C conversions are easier, at least for me at this time, and given the schedule.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried a bit in my branch lua-ssh-7607-v3.1

@catenacyber catenacyber mentioned this pull request Apr 11, 2025
Closed
@catenacyber catenacyber marked this pull request as draft April 11, 2025 20:56
@catenacyber
Copy link
Contributor Author

Not sure about the new hook logic and why it now gets 2 alerts (one at the packet, and one at flow timeout)

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 25684

@catenacyber catenacyber mentioned this pull request Apr 15, 2025
Closed
@catenacyber
Copy link
Contributor Author

Next in #13024

@jasonish
Copy link
Member

Not sure about the new hook logic and why it now gets 2 alerts (one at the packet, and one at flow timeout)

Did you resolve this?

@catenacyber
Copy link
Contributor Author

Not sure about the new hook logic and why it now gets 2 alerts (one at the packet, and one at flow timeout)

Did you resolve this?

I will investigate more

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish left review comments

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@catenacyber @suricata-qa @jasonish