Output notx 6846 backport7 v2 #11082

Closed

@catenacyber catenacyber commented May 15, 2024

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6848
https://redmine.openinfosecfoundation.org/issues/6975

Describe changes:

No backport of #11064's other commits, as they bring in features (specifying transaction ids for frames) instead of fixing the bug that we were logging tx id 0 when irrelevant.

First commit 910f6af needed a small conflict fix in `detect-engine-alert.c` `AlertQueueSortHelper`, because of style:

```c
if (a)
    return x;
else
    return y;
```

was turned into

```c
if (a)
    return x;
return y;
```

#10889 new version with later commits

Ticket: 6846

This led to packet rules logging irrelevant app-layer data

(cherry picked from commit 910f6af)
Ticket: 6846
(cherry picked from commit 2b4e102)
When we only have stream matches.

Ticket: 6846

This solves the case where another transaction was created
by parsing data in the other direction, before running the
detection.

Like
1. get data in direction 1
2. acked data: parse it, but do not run detection in dir 1
3. other data in direction 2
4. other data acked: parse it and create new tx,
   then run detection for direction 1 with data from first packet

(cherry picked from commit 7274ad5)
Ticket: 6973

Completes commit 2b4e102

(cherry picked from commit 9e01956)
@catenacyber

CI will be red until #11062 is backported

@suricata-qa

Information: QA ran without warnings.

Pipeline 20630

@catenacyber

Rebased in #11126
