-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Batch backports to 5.0.x #6795
Merged
Merged
Batch backports to 5.0.x #6795
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(cherry picked from commit 7be793f)
Rules profiling was returning invalid results when used with sample rate. The problem was that the sample condition was run twice in the packet flow. As a result, the second pass was not initializing the variable storing the initial CPU ticks and the resulting performance counters were reporting invalid values. Bug: OISF#4836. (cherry picked from commit 6d5f596)
Ticket: 4812 When adding many sequence nodes (cherry picked from commit 1564942)
Issue: OISF#4895 This commit causes Suricata to reject signatures that combine TCP-based alerts using file_data with NFS keywords. file_data doesn't support the NFS protocol.
(cherry picked from commit 2a5d79e)
Issue: 4947 Improve handling of values returned by recv. Sometimes, recv returns an empty string if suricata terminates asynchronously. (cherry picked from commit fc6fdef)
Use util function in all code needing the ack'd data. (cherry picked from commit 258415b)
When testing for fanout support a cluster-id of 1 was always being used instead of the configured cluster-id. This limited fanout support to only one Suricata instance. Instead of hardcoding an ID of 1, use the configured cluster-id. Also make cluster_id a uint16_t instead of an int in AFPThreadVars. Redmine issue: https://redmine.openinfosecfoundation.org/issues/3419 (cherry picked from commit df0ed6f)
Move initialization of datasets to a point after privileges have been dropped. Ticket 4239 (cherry picked from commit 92eb14c)
Reset PacketRelease callback to make sure its not set to a capture specific callback. As an example: 0x000055e00af09d35 in AFPReleaseDataFromRing (p=0x7f1d884cb830) at source-af-packet.c:653 0x000055e00af09dd0 in AFPReleasePacket (p=0x7f1d884cb830) at source-af-packet.c:678 0x000055e00ab53d7e in TmqhOutputPacketpool (t=0x55e00fb79250, p=0x7f1d884cb830) at tmqh-packetpool.c:465 0x000055e00af08dec in TmThreadsSlotProcessPkt (tv=0x55e00fb79250, s=0x55e012134790, p=0x7f1d884cb830) at tm-threads.h:201 0x000055e00af08e70 in TmThreadsCaptureInjectPacket (tv=0x55e00fb79250, p=0x7f1d884cb830) at tm-threads.h:221 0x000055e00af08f2e in TmThreadsCaptureHandleTimeout (tv=0x55e00fb79250, p=0x0) at tm-threads.h:245 0x000055e00af0ba76 in ReceiveAFPLoop (tv=0x55e00fb79250, data=0x7f1d884ccb60, slot=0x55e01198e4b0) at source-af-packet.c:1321 0x000055e00ab55257 in TmThreadsSlotPktAcqLoop (td=0x55e00fb79250) at tm-threads.c:312 0x00007f1dca9d5609 in start_thread (arg=<optimized out>) at pthread_create.c:477 0x00007f1dca7c6293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Here the packet was a pseudo packet to handle a timeout condition. But the ReleasePacket callback was still set to AFPReleasePacket from a previous use of the Packet. Bug: OISF#4807. (cherry picked from commit 07ce871)
It differentiates memory error than regular ones. (cherry picked from commit 0e70958)
(cherry picked from commit c1bffa9)
jlucovsky
requested review from
jasonish,
norg,
victorjulien and
a team
as code owners
January 15, 2022 13:14
WARNING: ERROR: QA failed on tlpw1_files_sha256. ERROR: QA failed on tlpw1_files_md5.
Pipeline 5709 |
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 26, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 26, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 27, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 27, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 27, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 27, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 28, 2024
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Feb 28, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 1, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 1, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 1, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 2, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 4, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 4, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
inashivb
pushed a commit
to inashivb/suricata
that referenced
this pull request
Mar 4, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
victorjulien
added a commit
to victorjulien/suricata
that referenced
this pull request
Mar 4, 2024
Instead of using in place insertion sort on linked list based on two keys, convert the linked list to an array, perform sorting on it using qsort and convert it back to a linked list. This turns out to be much faster. Ticket OISF#6795
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Continuation of #6738
Link to redmine ticket:
Describe changes:
Updates:
#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch: