Dns rust keywords 7529 v4

[catenacyber]

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7529
https://redmine.openinfosecfoundation.org/issues/3725

Describe changes:

• dns: move keywords to rust
• on the way, move unit tests to SV for dns.query keyword
• extend some dns keywords so that they can use string enumerations
• improves UTHBuildPacketReal to produce more real packets

#11932 next protocol
#12535 with new commits to

• rename SCSigTableElmt to SCSigTableAppLiteElmt
• introduce a pure rust helper to register sticky buffer cc @jasonish

SV_BRANCH=OISF/suricata-verify#2297

[codecov]

Codecov Report

Attention: Patch coverage is 97.14286% with 13 lines in your changes missing coverage. Please review.

Project coverage is 80.75%. Comparing base (10ede91) to head (59c8406).
Report is 41 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff            @@
##           master   #12605    +/-   ##
========================================
  Coverage   80.74%   80.75%            
========================================
  Files         931      925     -6     
  Lines      259144   258691   -453     
========================================
- Hits       209242   208894   -348     
+ Misses      49902    49797   -105     

Flag	Coverage Δ
fuzzcorpus	56.99% <77.83%> (+0.02%)	⬆️
livemode	19.40% <46.30%> (+0.02%)	⬆️
pcap	44.19% <61.82%> (+0.03%)	⬆️
suricata-verify	63.46% <94.08%> (+0.02%)	⬆️
unittests	58.28% <56.70%> (-0.07%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[suricata-qa]

Information: QA ran without warnings.

Pipeline 24762

[victorjulien]

Where is AppLite explained? It's a new concept.

[catenacyber]

Where is AppLite explained? It's a new concept.

Please give me a better name :-)

It comes from your comment #12535 (comment)

It's currently a app-layer specific "lite" version

[jasonish]

I don't really think this is what I had in mind. The Rust developer still has to concern themselves that this is a C struct, which is what I'd like to abstract away from.

[catenacyber]

Thanks for the feedback.

I did not manage to have a rust string "dns.answer.name", because then I need to allocate "dns.answer.name\0" and I leak memory cf fixup commit and red CI before that...

Do you see another way ?
I also tried Cstring::from(c"dns.answer.name") but it looks like a big project because it is breaking other tools like rustfmt which ignores Cargo.toml showing this is edition 2021

[jasonish]

The real problem is that our module system of registering keywords is "unsafe" (in the rust sense). We pass it a pointer to a C string and it requires that C string to remain rather than taking ownership, or a copy of it.

I don't have any examples doing this in Suricata, but I've created a "shadow" registry before. Basically a static mutable hasmap that maps Rust strings to C strings so they can live until the program dies. Not ideal but might be easier than modifying the keyword registration to take ownership of passed in strings?

[catenacyber]

The real problem is that our module system of registering keywords is "unsafe" (in the rust sense). We pass it a pointer to a C string and it requires that C string to remain rather than taking ownership, or a copy of it.

Indeed, the C registering system expects only static strings that it does not free

How do you free your "shadow" registry ?

What do you think of c"dns.answer.name" ?

[jasonish]

How do you free your "shadow" registry ?

I don't. Because its held onto until program exit, it is not reported as a leak. It was never orphaned. Rust actually has Box::leak which is a common way to forget about pointer that is passed to C that will live til program exit, but ASAN reports that as a leak.

[jasonish]

What do you think of c"dns.answer.name" ?

Need Rust 1.77. But I like it in cases where you'd never want to pass a formatted string at least.

[catenacyber]

Will try this shadow registry approach then...