Next/60x/20220926/v7 #7936

Merged
merged 15 commits into from
Sep 27, 2022

jasonish and others added 15 commits September 20, 2022 11:51
Add a new setup return code, -4 which will print the error, but not
error out in test mode. This is to support allowing incomplete hex, as
there is no context as to which rule had the issue.

For context:
- -3: error ok, no message
- -2: error not ok, no message
- -4: error ok, message

Before 6.0.6 if hex content was incomplete, Suricata didn't error out.
With 6.0.6 incomplete hex was detected and errored on which is a
breaking change in a release branch. Instead, only emit a warning
unless strict content checking has been requested.

To enable strict behaviour on incomplete content hex in a rule,
"--strict-rule-keywords=content" can be used on the command line.

Issue: OISF#5546
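A ruleset check for the incomplete-hex case described in the commit message above, as an added example (not Suricata's code and not part of this pull request). It approximates the condition by flagging `|...|` blocks in `content` that hold an odd number of hex digits; the function names and the sample rules are constructed for illustration.

```python
import re

# content:"..." (optionally negated), allowing backslash escapes inside the quotes.
CONTENT_RE = re.compile(r'\bcontent\s*:\s*!?\s*"((?:\\.|[^"\\])*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

# Constructed sample rules, not taken from any real ruleset.
RULES = [
    'alert tcp any any -> any any (msg:"complete hex"; content:"GET|20|/|0d 0a|"; sid:1000001;)',
    'alert tcp any any -> any any (msg:"odd nibble"; content:"|0d 0|"; sid:1000002;)',
    'alert tcp any any -> any any (msg:"second bad"; content:"abc"; content:!"|ff f|end"; sid:1000003;)',
]

def hex_blocks(pattern):
    """Yield the text between each pair of | delimiters in a content pattern."""
    block, in_hex, i = [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and not in_hex:
            i += 2  # escaped literal such as \" or \; is not a delimiter
            continue
        if ch == "|":
            if in_hex:
                yield "".join(block)
                block = []
            in_hex = not in_hex
        elif in_hex:
            block.append(ch)
        i += 1

def incomplete_hex(rule):
    """Return the hex blocks in `rule` that contain an odd number of hex digits."""
    bad = []
    for pattern in CONTENT_RE.findall(rule):
        for block in hex_blocks(pattern):
            if len(re.findall(r"[0-9A-Fa-f]", block)) % 2 == 1:
                bad.append(block)
    return bad

def audit(rules):
    """Return (sid, offending blocks) for every rule with incomplete hex."""
    report = []
    for rule in rules:
        bad = incomplete_hex(rule)
        if bad:
            m = SID_RE.search(rule)
            report.append((m.group(1) if m else "?", bad))
    return report

if __name__ == "__main__":
    for sid, blocks in audit(RULES):
        print(f"sid {sid}: incomplete hex in {blocks}")
```

Rules it reports are the ones that would draw the warning, or fail to load when `--strict-rule-keywords=content` is used.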
To get strict parsing, `--strict-rule-keywords=flowbits` command line
option can be used.

Bug: OISF#5547.
Ticket: 4530

So that we do not get DoS by quadratic complexity while
looking for a new pkt_id over the ever-growing list
of active transactions.

(cherry picked from commit a8079dc)

Allows users to find balance between completeness of decoding
and increased resource consumption, which can DoS Suricata.

(cherry picked from commit e42094f)

When having many transactions in a single parsing call...

Fix has overhead of having one more field in the mqtt state.

Completes commit a8079dc

Ticket: OISF#5399
(cherry picked from commit e160917)

For ICMPv4 error messages the vlan ids were always considered,
even if the 'vlan.use-for-tracking' option was disabled.

Ticket: OISF#5330
(cherry picked from commit ce2775d)

That is it should be less than 1 000 000.
Have the same for fuzz targets where the bug came from.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44177
(cherry picked from commit 8ecf7e4)

Some of these were recently introduced, some were highlighted after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.

This describes briefly what the exception policies are, what the
engine's behavior is, what options are available and to which parts
they are implemented.

Task OISF#5475
Task OISF#5515

Fix `Flow::thread_id` not always getting properly set up, leading to
a reachable assertion.

Bug OISF#4582.

(cherry picked from commit b06c057)
@suricata-qa

ERROR:

ERROR: QA failed on SURI_TLPR1_alerts_cmp.

Pipeline 9496
