Next/20220827/v2 #7787

Merged
merged 8 commits into from
Aug 29, 2022

inashivb
Member

catenacyber and others added 8 commits August 26, 2022 15:50
That is file sent with POST or PUT

Ticket: OISF#4144

Add tls.random keyword that matches on the 32 bytes of the TLS
random field for client as well as server.
Add tls.random_time keyword that matches on the first 4 bytes of the TLS
random field for client as well as server.
Add tls.random_bytes keyword that matches on the last 28 bytes of the TLS
random field for client as well as server.

All these are sticky buffers.

Feature 5190

Frame::len is -1 if it is still unknown. Handle that in the debug
check.

For protocols with multi buffer inspection there could be multiple times
the same sid would be queued into the candidates queue. This triggered
a debug validation check.

W/o debug validation this would lead to duplicate work and possibly multiple
alerts where a single one would be appropriate.

Bug: 5419.
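
The tls.random commit message above describes three sticky buffers over the same 32-byte field. As an added illustration (not code from this pull request or from Suricata), the Python below slices a constructed ClientHello the same way and formats each slice as a hex content match; the function names and the sample record are assumptions, and only a hello that fits in a single TLS record is handled.

```python
import struct

TLS_HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def split_tls_random(record: bytes) -> dict:
    """Return the three views of the random field in a Client/ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    # Handshake header: type (1) + length (3); hello: version (2) + random (32)
    if len(body) < 4 + 2 + 32:
        raise ValueError("hello too short to contain a random")
    if body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello/ServerHello")
    rnd = body[6:38]
    return {
        "tls.random": rnd,            # all 32 bytes
        "tls.random_time": rnd[:4],   # first 4 bytes
        "tls.random_bytes": rnd[4:],  # last 28 bytes
    }


def as_content(buf: bytes) -> str:
    """Format bytes as a Suricata hex content match."""
    return 'content:"|%s|";' % " ".join("%02x" % b for b in buf)


def build_sample_hello() -> bytes:
    """Constructed ClientHello: fixed random, no session id, one cipher suite."""
    rnd = bytes.fromhex("630c9d40") + bytes(range(28))
    hello = b"\x03\x03" + rnd + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Each printed line is the sticky buffer keyword followed by its content match.
    for name, buf in split_tls_random(build_sample_hello()).items():
        print(f"{name}; {as_content(buf)}")
```
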
@inashivb inashivb marked this pull request as ready for review August 29, 2022 04:48
@codecov

codecov bot commented Aug 29, 2022

Codecov Report

Merging #7787 (1bff888) into master (50f8779) will decrease coverage by 0.02%.
The diff coverage is 48.14%.

@@            Coverage Diff             @@
##           master    #7787      +/-   ##
==========================================
- Coverage   76.08%   76.05%   -0.03%     
==========================================
  Files         662      663       +1     
  Lines      185776   185872      +96     
==========================================
+ Hits       141350   141372      +22     
- Misses      44426    44500      +74     
Flag Coverage Δ
fuzzcorpus 60.99% <48.14%> (-0.02%) ⬇️
suricata-verify 52.51% <51.20%> (-0.03%) ⬇️
unittests 60.71% <51.20%> (-0.01%) ⬇️


@suricata-qa

WARNING:

field test baseline %
tlpw2_single_stats_chk
.flow.spare 1950080 1835514 106.24%
tlpw2_autofp_stats_chk
.flow.spare 1962779 1812994 108.26%
.flow.memuse 518377728 550537728 94.16%
tlpr1_stats_chk
.flow.memuse 574614208 845888448 67.93%
.http.memuse 16440 49320 33.33%
ips_afp_stats_chk
.decoder.udp 387438053 410851438 94.3%
.flow.end.state.new 123850 10800 1146.76%
.flow.end.state.closed 1966499 2097352 93.76%
.flow.end.tcp_state.closed 1959675 2097352 93.44%
.flow.end.tcp_liberal 355385 108000 329.06%
.flow.memuse 874440448 1081197888 80.88%
.tcp.reassembly_gap 1188006 108000 1100.01%
.app_layer.flow.http 410475 434160 94.54%
.app_layer.flow.tls 918008 974152 94.24%
.app_layer.flow.failed_tcp 203105 218160 93.1%
.app_layer.tx.ftp 242528 263520 92.03%
.app_layer.tx.smtp 129321 149040 86.77%
.app_layer.tx.dcerpc_tcp 944093 1101600 85.7%
.app_layer.error.ftp.parser 58247 64800 89.89%
generic_stats_chk
.capture.kernel_drops 0 5654519 0.0%
.flow.end.state.new 6272 14867 42.19%
.flow.end.tcp_state.syn_sent 0 183 0.0%
.flow.end.tcp_state.syn_recv 0 52 0.0%
.flow.end.tcp_state.established 53996 61527 87.76%
.flow.end.tcp_liberal 80952 90436 89.51%
.flow.memuse 760815168 709384128 107.25%
.tcp.segment_memcap_drop 0 11729 0.0%
.tcp.reassembly_gap 80952 114099 70.95%
.tcp.insert_data_normal_fail 0 11358 0.0%
.app_layer.error.http.parser 0 55 0.0%
.app_layer.error.smtp.gap 0 61 0.0%
.app_layer.error.tls.gap 53852 60833 88.52%

Pipeline 8843
WARNING: THERE IS A KNOWN BAD BASELINE WITH PACKET DROPS. BE MINDFUL OF ANY RESULTS.

@victorjulien victorjulien merged commit 1bff888 into OISF:master Aug 29, 2022
@inashivb inashivb deleted the next/20220827/v2 branch August 29, 2022 10:23