Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport/bug/5934 determining engine mode v6 #8655

Closed
wants to merge 2 commits into from
Closed

Backport/bug/5934 determining engine mode v6 #8655

wants to merge 2 commits into from

Conversation

lukashino
Copy link
Contributor

Follow-up of #8649

https://redmine.openinfosecfoundation.org/issues/5934
https://redmine.openinfosecfoundation.org/issues/5958

Describe changes:

  • new engine mode - unknown - to determine when the engine mode is queried uninitialized
  • bpf evaluates IPS mode later on - AF_PACKET and NETMAP permits usage of BPF filters in IPS mode, PF-RING prohibits the usage
  • refactor BPF checks in individual capture interfaces

Lukas Sismis added 2 commits March 30, 2023 16:50
@lukashino
bpf: postpone BPF check for IPS runmode
06f3acf 
Ticket: OISF#5958
@lukashino
runmodes: Determine engine's copy-mode as early as possible
add2ed7 
Configuration and behavior of HTP app layer depends on the copy
mode of Suricata engine. Copy mode was set after the app layer setup.
Decision of engine's copy mode operation is now made earlier.

Initializing engine mode with a value of unknown signals a bug when
the engine mode has not been determined but is already queried by
other functions.

Ticket: OISF#5934
@lukashino lukashino requested a review from a team as a code owner March 30, 2023 14:54
@lukashino lukashino mentioned this pull request Mar 30, 2023
Closed
victorjulien
victorjulien reviewed Mar 30, 2023
View reviewed changes
src/suricata.c
@@ -246,13 +246,24 @@ int SuriHasSigFile(void)
return (suricata.sig_file != NULL);
}

int EngineModeIsUnknown(void)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to see this appear first in a PR to master, only to be backported if needed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added in #8663

@suricata-qa
Copy link

Information:

ERROR: QA failed on SURI_TLPW1_files_sha256.

field baseline test %
SURI_TLPW1_stats_chk
.tcp.overlap 23728 32191 135.67%

Pipeline 12930

@lukashino lukashino mentioned this pull request May 3, 2023
Closed
@lukashino
Copy link
Contributor Author

Continues in #8801

@lukashino lukashino closed this May 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@lukashino @suricata-qa @victorjulien