Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packet alerts/v6 #6943

Closed
wants to merge 4 commits into from
Closed

Packet alerts/v6 #6943

wants to merge 4 commits into from

Conversation

jufajardini
Copy link
Contributor

Previous PR: #6931

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4207

Describe changes:

  • decode: replace BUG_ON check with config value checks and warning, falling back to defaults
  • fix typo

suricata-verify-pr: 694

jufajardini and others added 4 commits February 7, 2022 15:40
@jufajardini
unittests: alloc Packet with PacketGetFromAlloc
6c28c0e 
Some unittests used SCMalloc for allocating new Packet the unittests.
While this is valid, it leads to segmentation faults when we move to
dynamic allocation of the maximum alerts allowed to be triggered by a
single packet.

This massive patch uses PacketGetFromAlloc, which initializes a Packet
in such a way that any dynamic allocated structures within will also be
initialized.

Related to
Task OISF#4207
@jufajardini
decode: make packet_alert_max configurable
c196c3c 
The maximum of possible alerts triggered by a unique packet was
hardcoded to 15. With usage of 'noalert' rules, that limit could be
reached somewhat easily. Make that configurable via suricata.yaml.

Conf Bug#4941

Task OISF#4207
@jufajardini
detect-engine-alert: fix tipo
6c53ec6 
Plus small clang formatting change.
@victorjulien @jufajardini
detect/alert: optimize alert queue processing
0c01d06
@jufajardini jufajardini requested a review from a team as a code owner February 7, 2022 20:11
@jufajardini jufajardini mentioned this pull request Feb 7, 2022
Closed
@codecov
Copy link

codecov bot commented Feb 7, 2022

Codecov Report

Merging #6943 (0c01d06) into master (97ef60c) will decrease coverage by 0.01%.
The diff coverage is 96.73%.

@@            Coverage Diff             @@
##           master    #6943      +/-   ##
==========================================
- Coverage   77.74%   77.73%   -0.02%     
==========================================
  Files         628      628              
  Lines      185648   185547     -101     
==========================================
- Hits       144332   144234      -98     
+ Misses      41316    41313       -3
Flag Coverage Δ
fuzzcorpus 58.28% <71.87%> (-0.02%) ⬇️
suricata-verify 54.44% <88.88%> (+0.01%) ⬆️
unittests 63.06% <93.91%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 6144

@victorjulien
Copy link
Member

I think this looks good, but we still need to look at the feedback on my patch that Philippe pointed out in #6896

@jufajardini
Copy link
Contributor Author

I think this looks good, but we still need to look at the feedback on my patch that Philippe pointed out in #6896

Okey dokey, should I try to address those as well?

@jufajardini jufajardini mentioned this pull request Feb 14, 2022
Closed
@jufajardini
Copy link
Contributor Author

replaced by #6999

@jufajardini jufajardini deleted the packet-alerts/v6 branch May 2, 2022 13:01
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 12, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
5532a54 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 13, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
e3199e7 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 13, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
7632236 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 15, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
65cc167 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
(cherry picked from commit 7632236)
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 16, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
b146068 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
(cherry picked from commit 7632236)
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 17, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
04b6b96 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
(cherry picked from commit 7632236)
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 18, 2024
@victorjulien
pcap: support LINKTYPE_IPV6 (229)
1aac268 
This is just another variant of DLT_RAW.

Ticket: OISF#6943.
(cherry picked from commit 7632236)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@jufajardini @suricata-qa @victorjulien