next/400/70x/20240416/v1 #10861

Merged
merged 6 commits into from
Apr 16, 2024

Commits on Apr 16, 2024

  1. defrag: match up v4 and v6 packet setup

    v4 was doing redundant recursion level setup.
    
    v6 was missing PKT_REBUILT_FRAGMENT flag.
    
    (cherry picked from commit af97316)
    victorjulien committed Apr 16, 2024
    8404a7f
  2. defrag: fix wrong datalink being logged

    Eve's packet_info.linktype should correctly indicate what the `packet`
    field contains. Until now it was using DLT_RAW even if Ethernet or other
    L2+ headers were present.
    
    This commit records the datalink of the packet creating the first
    fragment, which can include the L2+ header data.
    
    Bug: OISF#6887.
    (cherry picked from commit 49c67b2)
    victorjulien committed Apr 16, 2024
    6210b82
  3. pcap: support LINKTYPE_IPV6 (229)

    This is just another variant of DLT_RAW.
    
    Ticket: OISF#6943.
    (cherry picked from commit 7632236)
    victorjulien committed Apr 16, 2024
    b146068
  4. stats: Fix non-worker stats missing

    Commit b8b8aa6 used tm_name of the
    first StatsRecord of a thread block as key for the "threads" object.
    However, depending on the type of thread, tm_name can be NULL and would
    result in no entry being included for that thread at all. This caused
    non-worker metrics to vanish from the "threads" object in the
    dump-counters output.
    
    This patch fixes this by remembering the first occurrence of a valid
    tm_name within the per-thread block and adds another unittest to
    cover this scenario.
    
    (cherry picked from commit f172041)
    awelzel authored and victorjulien committed Apr 16, 2024
    fc8a360
  5. schema: Add stats.capture and in_iface properties

    New suricata-verify test listens on loopback interface, resulting
    in the capture and in_iface fields in the stats and event objects.
    
    (cherry picked from commit f9cf87a)
    awelzel authored and victorjulien committed Apr 16, 2024
    ba46f2f
  6. flow/inject: Select thread_id by flow flag

    Issue: 6957
    
    Rather than selecting the thread_id index by packets traveling to the
    server, use the flow flags. If the flow has been reversed, the second
    slot represents the thread id to be used.
    
    (cherry picked from commit c305ed1)
    jlucovsky authored and victorjulien committed Apr 16, 2024
    6be6d53