Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/ipopts: Multiple option support #10741

Closed
wants to merge 2 commits into from
Closed

detect/ipopts: Multiple option support #10741

wants to merge 2 commits into from

Conversation

jlucovsky
Copy link
Contributor

Continuation of #10700

Support multiple options.

This PR changes the IP option definitions from an enum into bit values so the values added during packet parsing are compared properly when evaluation with an IP option specified with ipopts occurs.

Link to redmine ticket: 6864

Describe changes:

  • Misc. cleanups
  • Move IPv4 option values to a bit mask
  • suricata-verify test to validate each option lacking coverage.

Updates:

  • Update Match function to return 0 or 1 instead of 0 or a positive integer.

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1722
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@jlucovsky
detect/ipopt: Misc. cleanup
6dfbb09 
Minor changes to improve readability, remove extraneous include files.
@jlucovsky
detect/ipopts: Handle multiple ip options
f4e630a 
Issue: 6864

Multiple IP options were not handled properly as the value being OR'd
into the packet's ip option variable were enum values instead of bit
values.

Reduce complexity by eliminating the PCRE logic and adding a unittest to
validate null/empty string handling
@jlucovsky jlucovsky mentioned this pull request Mar 31, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Mar 31, 2024

Codecov Report

Attention: Patch coverage is 96.87500% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 82.67%. Comparing base (ee50fe4) to head (f4e630a).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10741      +/-   ##
==========================================
+ Coverage   78.52%   82.67%   +4.14%     
==========================================
  Files         926      926              
  Lines      247464   247658     +194     
==========================================
+ Hits       194331   204747   +10416     
+ Misses      53133    42911   -10222
Flag Coverage Δ
fuzzcorpus 64.02% <92.30%> (-0.22%) ⬇️
suricata-verify 62.04% <76.92%> (?)
unittests 62.18% <93.75%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 138 147 106.52%
SURI_TLPR1_stats_chk
.uptime 645 685 106.2%

Pipeline 19892

@jlucovsky jlucovsky mentioned this pull request Apr 16, 2024
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #10859

@jlucovsky jlucovsky closed this Apr 16, 2024
@jlucovsky jlucovsky deleted the 6864/3 branch April 24, 2024 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@jlucovsky @suricata-qa @catenacyber