Exception policy stats counters - 70x backports - v1 #10812

jufajardini
Contributor

Describe changes:

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6509

Parent ticket: https://redmine.openinfosecfoundation.org/issues/5816

Provide values to any of the below to override the defaults.

SV_BRANCH=OISF/suricata-verify#1754

Also update copyright years.

(cherry picked from commit cea917c)
Remove unit test that was disabled and printf statements that were
replaced but not deleted, both in 48cf058.

(cherry picked from commit 112f5cc)
Decode file needed ExceptionPolicy types and exception-policy file
needed Decode types, rendering some works quite difficult to work
around.

ExceptionPolicyToStr is useful for registering exception policy
counters, so make that public.

Part of
Task OISF#5816

(cherry picked from commit c2c8cdb)
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.

Task OISF#5816

(cherry picked from commit 657419b)
Add defrag memcap stats counter.

Task OISF#5816

(cherry picked from commit 485c0e1)
Add stats counters for when an exception policy is applied for app-layer errors

Part of
Task OISF#5816

(cherry picked from commit a71ace8)
Add stats counters for exception policies applied in case a stream
session memcap is hit.

Task OISF#5816

(cherry picked from commit 2dee377)
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.

Task OISF#5816

(cherry picked from commit fd9a20f)
Add stats counters for when there is an exception policy applied in case
of a session picked up midstream.

Task OISF#5816

(cherry picked from commit caf590d)
Some exception policies can only be applied to entire flows or
individual packets, for some exception scenarios. Make this easier to
read, in the documentation.

Related to
Task OISF#5816

(cherry picked from commit 94b1112)
Configuration options and defaults, existing counters etc.

Related to
Task OISF#5816

(cherry picked from commit 514e8b8)
While our documentation indicated what were the possible configuration
settings for exception policies, our yaml only explicitly mentioned
exception policy for the master switch. Clearly indicate which config
settings are about exception policies.

Related to
Task OISF#5816

(cherry picked from commit 8defee9)
With the addition of exception policy stats counters, the human readable
version of the stats log was mis-aligned, when counters for per-app-proto
were enabled.

Width change made large enough to accommodate a counter as long as
"app_layer.error.bittorrent-dht.exception_policy.pass_packet" which
could be valid.

Task OISF#5816

(cherry picked from commit 172b55c)
@jufajardini jufajardini requested review from victorjulien and a team as code owners April 12, 2024 01:57
@suricata-qa

Information: QA ran without warnings.

Pipeline 20019

@catenacyber
Contributor

Why do we need to backport #10800 ?

@jufajardini
Contributor Author

Why do we need to backport #10800 ?

Don't need to, but the changes wanted to sneak in with mine, so thought I'd just bring them. Should I drop that commit?

@catenacyber
Contributor

Don't need to, but the changes wanted to sneak in with mine, so thought I'd just bring them. Should I drop that commit?

Thanks for the explanation, I would keep it for cleanness of cherry-picks as this is not changing Suri behavior

Contributor

@catenacyber catenacyber left a comment

LGTM as consistent with changes merged in master

CI : 🟢
Code : consistent with changes merged in master
Commits segmentation : consistent with changes merged in master
Commit messages : consistent with changes merged in master
Git ID set : looks fine for me
CLA : you already contributed :-p
Doc update : consistent with changes merged in master
Redmine ticket : ok
Rustfmt : no rust
Tests : 🟢
Dependencies added: none

@jufajardini
Contributor Author

We're taking time to rethink a bit if what the output looks like right now is what we want, or if we'd like to re-work those. As such, I'll close this for now, as it's very likely that there will be updates that'd impact the backports, too.
