
Testimony feature 3675 v3 #4924

Closed
wants to merge 4 commits into from

Conversation

MalakhatkoVadym (Contributor):

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3675

Describe changes:

  • Adds testimony packet source to suricata

Testimony is a single-machine, multi-process architecture for sharing AF_PACKET data across processes.
https://github.com/google/testimony

Modifies #4923 by adding placeholders for the TmModuleReceiveTestimonyRegister and TmModuleDecodeTestimonyRegister functions when testimony is not enabled, and by adding a hint for the user if the --testimony option is present but testimony support is disabled.

Testing

I tested with two testimonyd instances running:

sudo testimonyd --config=/etc/testimony.conf

[
  {
      "SocketName": "/tmp/testimony.sock"
    , "Interface": "eth0"
    , "BlockSize": 1048576
    , "NumBlocks": 16
    , "FanoutSize": 4
    , "BlockTimeoutMillis": 1000
    , "User": "root"
  }
]

interface - "eth0"
socket path - "/tmp/testimony.sock"
Fanout size - "4" (packets are balanced between 4 memory blocks, so Suricata can use a receive thread for each memory block).

sudo testimonyd --config=/etc/testimony2.conf

[
  {
      "SocketName": "/tmp/testimony2.sock"
    , "Interface": "eth1"
    , "BlockSize": 1048576
    , "NumBlocks": 16
    , "BlockTimeoutMillis": 1000
    , "FanoutSize": 1
    , "User": "root"
  }
]

interface - "eth1"
socket path - "/tmp/testimony2.sock"
Fanout size - "1" (packets are not balanced between memory blocks).

sudo suricata -c /etc/suricata/suricata.yaml -k none --testimony=/tmp/testimony.sock --testimony=/tmp/testimony2.sock

suricata.yaml :

testimony:
  - socket: /tmp/testimony.sock
    fanout-size: 4

@MalakhatkoVadym MalakhatkoVadym requested review from norg and a team as code owners May 6, 2020 16:10
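The description above relies on two settings agreeing by hand: FanoutSize in testimonyd's JSON and fanout-size under testimony: in suricata.yaml, plus a socket path that Suricata can actually open. The following is an added example, not code from this pull request, from Suricata or from Testimony: a small Python pre-flight check that loads the two testimonyd configs and the suricata.yaml fragment quoted above (reproduced inline as constructed input), reports every socket Suricata would open from either the yaml or --testimony=, flags fanout mismatches, and inspects the AF_UNIX socket file. The only behavioural fact it assumes is that connecting to a Unix socket requires write permission on the socket node, so a world-writable socket hands raw interface traffic to every local user. The function names and the minimal yaml reader are my own.

```python
"""Pre-flight check for a Suricata + testimonyd deployment (added example)."""
import json
import os
import stat
import tempfile

# Constructed inputs: the configs quoted in the PR description.
TESTIMONY_CONF = """[
  {"SocketName": "/tmp/testimony.sock", "Interface": "eth0",
   "BlockSize": 1048576, "NumBlocks": 16, "FanoutSize": 4,
   "BlockTimeoutMillis": 1000, "User": "root"}
]"""
TESTIMONY2_CONF = """[
  {"SocketName": "/tmp/testimony2.sock", "Interface": "eth1",
   "BlockSize": 1048576, "NumBlocks": 16, "BlockTimeoutMillis": 1000,
   "FanoutSize": 1, "User": "root"}
]"""
SURICATA_YAML = """testimony:
  - socket: /tmp/testimony.sock
    fanout-size: 4
"""


def load_testimony_sockets(*json_texts):
    """Map SocketName -> daemon entry across one or more testimonyd configs."""
    sockets = {}
    for text in json_texts:
        for entry in json.loads(text):
            sockets[entry["SocketName"]] = entry
    return sockets


def parse_suricata_testimony(yaml_text):
    """Minimal reader for the 'testimony:' list shown in the PR.
    Handles only 'socket' and 'fanout-size'; it is not a YAML parser."""
    entries, current = [], None
    for raw in yaml_text.splitlines():
        line = raw.strip()
        if line.startswith("- socket:"):
            current = {"socket": line.split(":", 1)[1].strip()}
            entries.append(current)
        elif line.startswith("fanout-size:") and current is not None:
            current["fanout-size"] = int(line.split(":", 1)[1])
    return entries


def check_fanout(daemon_sockets, yaml_entries, cli_sockets=()):
    """Return {socket_path: finding} for every socket Suricata would open,
    whether it came from suricata.yaml or from a --testimony= option."""
    yaml_by_socket = {e["socket"]: e for e in yaml_entries}
    paths = list(yaml_by_socket) + [p for p in cli_sockets if p not in yaml_by_socket]
    findings = {}
    for path in paths:
        daemon = daemon_sockets.get(path)
        if daemon is None:
            findings[path] = "no testimonyd config serves this socket"
            continue
        want = daemon.get("FanoutSize")
        got = yaml_by_socket.get(path, {}).get("fanout-size")
        if want is None:
            findings[path] = "daemon entry has no FanoutSize"
        elif got is None:
            findings[path] = f"no fanout-size in suricata.yaml; daemon FanoutSize is {want}"
        elif got != want:
            findings[path] = (f"fanout-size {got} != daemon FanoutSize {want}: "
                              "receive threads and fanout blocks disagree")
        else:
            findings[path] = f"ok: {want} receive thread(s) on {daemon['Interface']}"
    return findings


def socket_findings(path, reader_uid):
    """Check that the socket exists, is a socket, and is connectable by the
    uid Suricata runs as without being open to every local user."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: missing (is testimonyd running with this SocketName?)"]
    out = []
    if not stat.S_ISSOCK(st.st_mode):
        out.append(f"{path}: exists but is not a socket")
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        out.append(f"{path}: world-writable ({oct(mode)}): any local user can read captured packets")
    elif st.st_uid != reader_uid and not (mode & stat.S_IWGRP):
        out.append(f"{path}: owned by uid {st.st_uid}, not writable by uid {reader_uid}")
    return out


def fixture_findings():
    """Constructed fixture: a plain 0666 file standing in for a mis-deployed
    socket, so the checks above can be exercised without a running daemon."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "testimony.sock")
        open(path, "w").close()
        os.chmod(path, 0o666)
        return socket_findings(path, os.getuid())


if __name__ == "__main__":
    daemons = load_testimony_sockets(TESTIMONY_CONF, TESTIMONY2_CONF)
    yaml_entries = parse_suricata_testimony(SURICATA_YAML)
    cli = ("/tmp/testimony.sock", "/tmp/testimony2.sock")
    for path, msg in check_fanout(daemons, yaml_entries, cli).items():
        print(path, "->", msg)
        for line in socket_findings(path, os.getuid()):
            print("   ", line)
```

Run it on the box where testimonyd is running before starting Suricata; the second socket in the PR's own setup is listed only on the command line, so it is reported as having no fanout-size in suricata.yaml, which is exactly the case where the daemon's FanoutSize of 1 is the value to keep in mind.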
jasonish added a commit to jasonish/suricata that referenced this pull request Dec 21, 2021
It appears that DNS servers will still process a DNS request even if the
z-bit is set, our parser will fail the transaction. So create the
transaction, but still set the event.

Ticket OISF#4924
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request Jan 14, 2022
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request Jan 15, 2022
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 18, 2022 (three commits)
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 20, 2022

Each of these carries the same DNS z-bit commit message as above, cherry picked from commit fcbdc30. Its "Ticket OISF#4924" line is what links them to this pull request page; the PR itself tracks Redmine ticket 3675 and is unrelated to the DNS change.
Labels
None yet
1 participant