Next/20210212/v6 #5839
Closed
Fix a 'skipped' transaction early in the list leading to all further transactions getting skipped, even if they were fully processed and ready to be cleaned up.
Sleep 250 microseconds instead of 100 as running in KVM causes the old value to use 100% CPU for these threads. Perf testing suggests no measurable impact for the non-KVM case. Ticket: OISF#4096
In some cases, the InspectionBufferGet function would be followed by a failure to set the buffer up, for example due to an HTTP body limit not yet being reached. Yet each call to InspectionBufferGet would lead to the matching list_id being added to the DetectEngineThreadCtx::inspect.to_clear_queue. This array is sized to add each list only once, but in this case the same id could be added multiple times, potentially overflowing the array.
This commit corrects the validation check between the number of variables used and the number of specified capture groups.
This will prevent JSON entries like the following that occur with the default configuration (ja3 deactivated and extended tls output activated):

    "tls": {
      "subject": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
      "issuerdn": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
      "serial": "00:9C:FC:DA:1D:A4:70:87:5D",
      "fingerprint": "b8:18:2d:cb:c9:f8:1a:66:75:13:18:31:24:e0:92:35:42:ab:96:89",
      "version": "TLSv1",
      "notbefore": "2020-05-03T11:07:28",
      "notafter": "2021-05-03T11:07:28",
      "ja3": {},
      "ja3s": {}
    }

Commit 93642a0 prevented specifying the logging directory on the command line and using the unix socket. It looks like the implementation has evolved and the arbitrary limitation can be removed, allowing a user to start unix socket without editing the configuration file.
If the filename has no % sign and if pcap logging is using multi mode, then the pcap capture will fail. So let's exit if ever this is the case.
Exit with error if a keyword is not supported or not existing and display a message.
Ignore .a library files as we now have one created in src/ as part of adding a Suricata library.
AppLayerRegisterParser was creating a link error when attempting to use a convenience library for the Suricata C code, then linking the library of C code with the library of Rust code into a final Suricata executable, or use with fuzz targets. By moving AppLayerRegisterParser to the context structure and calling it like a callback the circular reference is removed allowing the convenience libraries to work again. This is also a stepping block to providing a Suricata library as a single .a or .so file.
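The overflow condition described in the InspectionBufferGet commit message above, modelled as an added example; this is not Suricata's code or the actual fix. `clear_queue`, `enqueue`, `replay` and `NUM_LISTS` are hypothetical names, and the out-of-bounds write is counted rather than performed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_LISTS 4u /* assumed number of inspection buffer lists */

struct clear_queue {          /* hypothetical stand-in, not Suricata's struct */
    uint32_t ids[NUM_LISTS];  /* sized to hold each list id exactly once */
    uint32_t len;
    bool queued[NUM_LISTS];   /* set once a list id has been appended */
};

/* Append list_id. Returns false when the append would land outside ids[],
 * which is the point where an unchecked append corrupts memory. */
static bool enqueue(struct clear_queue *q, uint32_t list_id, bool dedupe)
{
    if (list_id >= NUM_LISTS)
        return false;
    if (dedupe && q->queued[list_id])
        return true;          /* already scheduled for clearing */
    if (q->len >= NUM_LISTS)
        return false;
    q->queued[list_id] = true;
    q->ids[q->len++] = list_id;
    return true;
}

/* Replay a sequence of buffer-get calls; returns the rejected append count. */
static uint32_t replay(const uint32_t *calls, size_t n, bool dedupe,
                       uint32_t *final_len)
{
    struct clear_queue q;
    uint32_t rejected = 0;
    memset(&q, 0, sizeof(q));
    for (size_t i = 0; i < n; i++)
        if (!enqueue(&q, calls[i], dedupe))
            rejected++;
    *final_len = q.len;
    return rejected;
}

/* Constructed input: list 2 is fetched repeatedly while its setup keeps
 * failing (e.g. body limit not reached yet); list 0 is fetched once. */
static const uint32_t SAMPLE_CALLS[] = {2, 2, 0, 2, 2, 2, 2};

int main(void)
{
    uint32_t len, n = sizeof(SAMPLE_CALLS) / sizeof(SAMPLE_CALLS[0]);
    uint32_t bad = replay(SAMPLE_CALLS, n, false, &len);
    printf("append per call: %u past the end, len %u\n", bad, len);
    bad = replay(SAMPLE_CALLS, n, true, &len);
    printf("append once per id: %u past the end, len %u\n", bad, len);
    return 0;
}
```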
Merged
Replaced by #5840
lukashino pushed a commit to lukashino/suricata that referenced this pull request, Oct 9, 2023
When packet load is low, Suricata can run in interrupt mode. This more resembles the classic approach of processing packets - CPU cores run low and only fetch packets on interrupt. Ticket: OISF#5839
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request, Jan 19, 2024
When the packet load is low, Suricata can run in interrupt mode. This more resembles the classic approach of processing packets - CPU cores run low and only fetch packets on interrupt. Ticket: OISF#5839
#5833
124fd94
#5827
#5816
#5805
#5834
13700b6
ef53224
#5838 minus the network layers fix