Dataset ops v2.8 #8043

Closed

@regit regit commented Oct 20, 2022

Rebase of #8032 with fix following comments

Link to redmine ticket:

Describe changes:

  • rebase
  • squash 2 commits
  • fix FatalErrorOnInit error code

suricata-verify-pr: 963

regit and others added 18 commits October 18, 2022 13:50
This patch adds a dataset-dump command to the list of unix socket
commands. Implementation is not optimal as we are locking the
datasets when doing the dump. But if we consider that the current
alternative from an implementation point of view is to stop Suricata
then this is far better than current state.

Ticket: OISF#5184

This patch introduces the IPv4 type for dataset so Suricata can match
on a set of IPv4 addresses. This is meant to complement iprep feature
for people that need more flexibility such as setting the IP on
the packet path.

Feature: OISF#5383

It is a sticky buffer matching on src_ip.

Feature: OISF#5383

This patch also simplifies IPv6 parsing.

Feature: OISF#5383

@suricata-qa

WARNING:

| field | baseline | test | % |
|---|---|---|---|
| **SURI_TLPR1_stats_chk** | | | |
| .flow.spare | 2202676 | 2071286 | 94.03% |
| .flow.memuse | 557245568 | 662243008 | 118.84% |
| **TREX_GENERIC_stats_chk** | | | |
| .capture.kernel_drops | 0 | 46634 | - |
| .flow.end.tcp_state.syn_sent | 0 | 101 | - |
| .flow.end.tcp_state.syn_recv | 0 | 1 | - |
| .flow.end.tcp_state.fin_wait1 | 0 | 10 | - |
| .flow.end.tcp_state.fin_wait2 | 0 | 6 | - |
| .flow.end.tcp_state.time_wait | 0 | 10 | - |
| .flow.end.tcp_state.last_ack | 0 | 6 | - |
| .flow.end.tcp_state.close_wait | 0 | 19 | - |
| .tcp.reassembly_gap | 80952 | 90985 | 112.39% |
| .app_layer.error.http.parser | 0 | 9 | - |
| .app_layer.error.ftp.gap | 0 | 4 | - |
| .app_layer.error.smtp.gap | 0 | 18 | - |
| .app_layer.error.dcerpc_tcp.parser | 0 | 10 | - |

Pipeline 10112

@victorjulien victorjulien mentioned this pull request Oct 27, 2022
@victorjulien

Merged in #8097, thanks!
