
Next/20220825/v9 #7767

Merged
merged 17 commits into from
Aug 26, 2022

Conversation

catenacyber and others added 17 commits August 22, 2022 17:32
As an SMB2 async response does not have a tree id, even if
the request has it.

Per spec, MessageId should be enough to identify a message request
and response uniquely across all messages that are sent on the same
SMB2 Protocol transport connection.
So, the tree id is redundant anyway.

Ticket: OISF#5508
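The point of the commit message above is that an async SMB2 response has no TreeId field at all, so a matcher keyed on (TreeId, MessageId) can never pair it with its request. The following is an added, constructed C example, not Suricata's own parser code: it parses the fixed 64-byte SMB2 header (field offsets and flag bits as given in MS-SMB2 2.2.1), tracks a request, and then tries to match an async response with both the old key and the MessageId-only key. The pending-request table, the function names and the sample MessageId/TreeId values are assumptions made for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed, simplified SMB2 header handling (not Suricata's code).
 * MS-SMB2 2.2.1 offsets: Flags at 16, MessageId at 24; the sync form
 * carries Reserved at 32 and TreeId at 36, the async form carries a
 * 64-bit AsyncId at 32 instead, so no TreeId exists in a response
 * flagged SMB2_FLAGS_ASYNC_COMMAND. */
#define SMB2_FLAGS_SERVER_TO_REDIR 0x00000001u
#define SMB2_FLAGS_ASYNC_COMMAND   0x00000002u
#define SMB2_HDR_LEN 64
static const uint8_t SMB2_MAGIC[4] = { 0xfe, 'S', 'M', 'B' };

typedef struct {
    uint64_t msg_id;
    uint32_t tree_id;   /* only meaningful when !is_async */
    int is_response;
    int is_async;
} Smb2Hdr;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parse the fixed header; -1 on short or non-SMB2 input. */
static int smb2_parse_hdr(const uint8_t *buf, size_t len, Smb2Hdr *h) {
    if (len < SMB2_HDR_LEN || memcmp(buf, SMB2_MAGIC, 4) != 0) return -1;
    uint32_t flags = rd32(buf + 16);
    h->is_response = (flags & SMB2_FLAGS_SERVER_TO_REDIR) != 0;
    h->is_async    = (flags & SMB2_FLAGS_ASYNC_COMMAND) != 0;
    h->msg_id      = rd64(buf + 24);
    h->tree_id     = h->is_async ? 0 : rd32(buf + 36);  /* absent in async form */
    return 0;
}

/* Build a constructed header for the demo (sample data, not a capture). */
static void smb2_build_hdr(uint8_t *buf, uint64_t msg_id, uint32_t tree_id, uint32_t flags) {
    memset(buf, 0, SMB2_HDR_LEN);
    memcpy(buf, SMB2_MAGIC, 4);
    wr32(buf + 16, flags);
    wr64(buf + 24, msg_id);
    if (flags & SMB2_FLAGS_ASYNC_COMMAND)
        wr64(buf + 32, 0x1122334455667788ull);   /* AsyncId occupies bytes 32..39 */
    else
        wr32(buf + 36, tree_id);
}

/* Per-connection table of outstanding requests (assumed, fixed size). */
#define MAX_PENDING 8
typedef struct { int used; uint64_t msg_id; uint32_t tree_id; } Pending;
static Pending g_pending[MAX_PENDING];

static int track_request(const Smb2Hdr *req) {
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!g_pending[i].used) {
            g_pending[i].used = 1;
            g_pending[i].msg_id = req->msg_id;
            g_pending[i].tree_id = req->tree_id;
            return 0;
        }
    }
    return -1;  /* table full */
}

/* Old behaviour: request and response must agree on (tree_id, msg_id). */
static int match_response_by_tree_and_msgid(const Smb2Hdr *rsp) {
    for (int i = 0; i < MAX_PENDING; i++)
        if (g_pending[i].used && g_pending[i].msg_id == rsp->msg_id && g_pending[i].tree_id == rsp->tree_id)
            return i;
    return -1;
}

/* Fixed behaviour: MessageId alone identifies the exchange on a connection. */
static int match_response_by_msgid(const Smb2Hdr *rsp) {
    for (int i = 0; i < MAX_PENDING; i++)
        if (g_pending[i].used && g_pending[i].msg_id == rsp->msg_id)
            return i;
    return -1;
}

/* Scenario: a sync request on tree 7 (MessageId 42) is answered by an
 * async response. Returns 1 if the matcher pairs them, 0 if not, -1 on error. */
static int async_response_is_matched(int (*matcher)(const Smb2Hdr *)) {
    uint8_t buf[SMB2_HDR_LEN];
    Smb2Hdr req, rsp;
    memset(g_pending, 0, sizeof(g_pending));
    smb2_build_hdr(buf, 42, 7, 0);
    if (smb2_parse_hdr(buf, sizeof(buf), &req) != 0 || track_request(&req) != 0) return -1;
    smb2_build_hdr(buf, 42, 0, SMB2_FLAGS_SERVER_TO_REDIR | SMB2_FLAGS_ASYNC_COMMAND);
    if (smb2_parse_hdr(buf, sizeof(buf), &rsp) != 0) return -1;
    return matcher(&rsp) >= 0;
}

int main(void) {
    printf("match by (tree id, message id): %d\n", async_response_is_matched(match_response_by_tree_and_msgid));
    printf("match by message id only:       %d\n", async_response_is_matched(match_response_by_msgid));
    return 0;
}
```

With the old key the async response is left unmatched and the request stays pending in the table forever; with the MessageId-only key it pairs correctly, which is what the commit relies on.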
Protocol change can fail if one protocol change is already
occurring.

Ticket: OISF#5509
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@a7c34ad...fd5de65)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: jason taylor <jtfas90@gmail.com>
When building with the following options:

 ./configure CC=clang --enable-luajit --enable-geoip --enable-unittests

There is a build failure:

runmode-unittests.c:234:9: error: implicit declaration of function 'LuajitSetupStatesPool' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    if (LuajitSetupStatesPool() != 0) {
A Packet may be dropped due to several different reasons. This change
adds action as a parameter, so we can update the packet action when we
drop it, instead of setting it to drop.

Related to
Bug OISF#5458
Bug 5458 states that the reject action is no longer working. While SV
tests that use the reject action still pass, it indeed seems that a
regression has happened with commit aa93984, because while the
function that applies rule actions to the flow (RuleActionToFlow) does
check for the reject action, the newly added function
PacketApplySignatureActions only checks for ACTION_DROP or ACTION_PASS when
deciding to call RuleActionToFlow.

Bug OISF#5458
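The regression described in the commit message above is a gating bug: the function that knows how to push a reject action onto the flow is only ever reached for drop or pass rules. The following added C example is a constructed illustration of that pattern, not Suricata's code; the ACTION_* names echo Suricata's but the Flow and Signature types, the two gate functions and the checker are hypothetical. It places the regressed gate beside the fixed one and counts, in the spirit of the follow-up unit tests, which flow-affecting actions each gate loses.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration (not Suricata's code). Bit values are assumed. */
#define ACTION_ALERT  0x01u
#define ACTION_DROP   0x02u
#define ACTION_REJECT 0x04u
#define ACTION_PASS   0x08u

typedef struct { uint8_t action; } Flow;       /* hypothetical flow state */
typedef struct { uint8_t action; } Signature;  /* hypothetical matched rule */
typedef void (*ApplyFn)(Flow *, const Signature *);

/* Propagates a rule's action to the flow; this part does handle reject. */
static void rule_action_to_flow(Flow *f, const Signature *s) {
    f->action |= s->action & (ACTION_DROP | ACTION_REJECT | ACTION_PASS);
}

/* Regressed gate: only drop or pass rules reach rule_action_to_flow,
 * so a matching reject rule never changes the flow. */
static void apply_actions_regressed(Flow *f, const Signature *s) {
    if (s->action & (ACTION_DROP | ACTION_PASS))
        rule_action_to_flow(f, s);
}

/* Fixed gate: reject is part of the condition again. */
static void apply_actions_fixed(Flow *f, const Signature *s) {
    if (s->action & (ACTION_DROP | ACTION_REJECT | ACTION_PASS))
        rule_action_to_flow(f, s);
}

/* Runs one matched rule with the given action through a gate and
 * returns the resulting flow action bits. */
static uint8_t flow_action_after(ApplyFn apply, uint8_t rule_action) {
    Flow f = { 0 };
    Signature s = { rule_action };
    apply(&f, &s);
    return f.action;
}

/* Unit-test style check: every flow-affecting action must survive the
 * gate. Returns the number of actions the gate silently lost. */
static int count_lost_actions(ApplyFn apply) {
    const uint8_t actions[] = { ACTION_DROP, ACTION_REJECT, ACTION_PASS };
    int lost = 0;
    for (size_t i = 0; i < sizeof(actions) / sizeof(actions[0]); i++)
        if ((flow_action_after(apply, actions[i]) & actions[i]) == 0)
            lost++;
    return lost;
}

int main(void) {
    printf("regressed gate loses %d action(s)\n", count_lost_actions(apply_actions_regressed));
    printf("fixed gate loses     %d action(s)\n", count_lost_actions(apply_actions_fixed));
    return 0;
}
```

The check in count_lost_actions is the kind of assertion that catches this class of regression: it does not care which function does the work, only that each action a rule can carry ends up visible on the flow.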
Add unittests to check that packet flags are correctly updated after
detection finds drop or reject rules that match.

Related to
Bug OISF#5458
StreamTcpRegisterTests was being declared twice.
With the recent changes, these macros weren't being used anymore.

Related to
Bug OISF#5458
Suricata can indeed pipeline many HTTP1 transactions
So as to avoid fuzzing detecting protocol polyglots with enip
As context id is used to know to which variant of the endpoint the
request is done, it is interesting to parse it.

Feature OISF#5413.
When doing a DCERPC request, we can use the context id to log the
interface that is used. Doing that we can see in one single event
what is the DCERPC interface and opnum that are used. This allows
us to have all the information needed to resolve the request to a
function call.

Feature OISF#5413.
@codecov

codecov bot commented Aug 25, 2022

Codecov Report

Merging #7767 (2cc9152) into master (9353b07) will increase coverage by 0.08%.
The diff coverage is 86.66%.

@@            Coverage Diff             @@
##           master    #7767      +/-   ##
==========================================
+ Coverage   75.98%   76.06%   +0.08%     
==========================================
  Files         661      662       +1     
  Lines      185764   185789      +25     
==========================================
+ Hits       141152   141322     +170     
+ Misses      44612    44467     -145     
Flag Coverage Δ
fuzzcorpus 60.94% <54.54%> (+0.11%) ⬆️
suricata-verify 52.55% <69.23%> (+0.03%) ⬆️
unittests 60.70% <72.72%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.

@suricata-qa

Information:

ERROR: QA failed on ips_afp_drop_chk.

field test baseline %
ips_afp_stats_chk
.flow.end.state.new 18152 10800 168.07%
.flow.end.tcp_liberal 120176 108000 111.27%
.tcp.reassembly_gap 143117 108000 132.52%
generic_stats_chk
.capture.kernel_drops 6893567 5654519 121.91%
.flow.end.state.new 22647 14867 152.33%
.flow.end.tcp_state.syn_sent 2395 183 1308.74%
.flow.end.tcp_liberal 104229 90436 115.25%
.tcp.segment_memcap_drop 908 11729 7.74%
.tcp.reassembly_gap 183309 114099 160.66%
.tcp.insert_data_normal_fail 772 11358 6.8%
.app_layer.error.http.parser 88 55 160.0%
.app_layer.error.smtp.gap 115 61 188.52%
.app_layer.error.tls.gap 73796 60833 121.31%

Pipeline 8777
WARNING: THERE IS A KNOWN BAD BASELINE WITH PACKET DROPS. BE MINDFUL OF ANY RESULTS.

@victorjulien victorjulien mentioned this pull request Aug 25, 2022
@victorjulien victorjulien merged commit 2cc9152 into OISF:master Aug 26, 2022
@victorjulien victorjulien deleted the next/20220825/v9 branch September 19, 2022 07:07
6 participants