Next/60x/20230608/v2 #8995

Merged
merged 9 commits into from Jun 9, 2023


victorjulien
Member

inashivb and others added 9 commits June 6, 2023 16:14
So far, we store one variable in state to hold whether we want to
discard a long line till LF irrespective of direction. This means that a
long command to the client followed by a regular command w LF can be
considered as one long line which is incorrect.

Bug 6055

In case LF was found for a long line way outside of the limit, we should
not need to update the delimiter len and current line len because the
line is capped at 4k and the LF was not within these 4k bytes.

Rust 1.70 has introduced some possible issues between LLVM and gcc
causing link errors that are fixed by explicitly adding -lntdll.

Thanks to extendr/rextendr#285 for the fix.
(cherry picked from commit 0360cb6)

Counters depended on availability of flow and tcp session, meaning
that 2 memcaps could affect the counters.

Bug: OISF#5017.
(cherry picked from commit 36f6e05)

Accept DNS messages with an invalid opcode that are otherwise
valid. Such a DNS message will create a parser event.

This is a change of behavior, previously an invalid opcode would cause
the DNS message to not be detected or parsed as DNS.

Issue: OISF#5444
(cherry picked from commit c98c49d)

As UDP streams are getting probed, a stream that does not appear to be DNS
at first, may have a single packet that does look close enough to DNS
to be picked up as DNS causing every subsequent packet to result in a
parser error.

To mitigate this, probe every incoming DNS message header for validity
before continuing onto the body. If the header doesn't validate as
DNS, just ignore the packet so no parse error is registered.

(cherry picked from commit 595700a)

As part of extra header validation, split out DNS body parsing to
avoid the overhead of parsing the header twice.

(cherry picked from commit d720ead)
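
The first commit message above (Bug 6055) describes one "discard until LF" flag shared by both directions. The following C sketch is an added illustration, not the project's code: the struct, the function names and the `NOOP` sample traffic are constructed for this example, and the parser is reduced to line splitting with the 4k cap.

```c
#include <stdio.h>
#include <string.h>
#define LINE_LIMIT 4096                  /* the 4k cap from the commit message */
enum { TO_SERVER = 0, TO_CLIENT = 1 };
typedef struct {
    int per_direction;                   /* 0 = one shared flag, 1 = one flag per direction */
    int discard[2];                      /* "discard until LF"; shared mode uses only [0] */
    size_t cur_len[2];                   /* bytes seen of the unfinished line, per direction */
} LineState;

/* Feed one chunk; return the number of complete lines handed to the protocol layer. */
static size_t feed(LineState *s, int dir, const char *data, size_t len)
{
    int *discard = &s->discard[s->per_direction ? dir : 0];
    size_t delivered = 0;
    while (len > 0) {
        const char *lf = memchr(data, '\n', len);
        size_t n = lf ? (size_t)(lf - data) + 1 : len;
        if (*discard) {
            if (lf) *discard = 0;        /* tail of the over-long line ends here */
        } else if (lf) {
            if (s->cur_len[dir] + n <= LINE_LIMIT) delivered++;
            s->cur_len[dir] = 0;
        } else {
            s->cur_len[dir] += n;        /* no LF yet: keep counting towards the cap */
            if (s->cur_len[dir] > LINE_LIMIT) { *discard = 1; s->cur_len[dir] = 0; }
        }
        data += n;
        len -= n;
    }
    return delivered;
}

/* Constructed traffic: an over-long line to the client with no LF yet, then a
 * regular LF-terminated command to the server. Returns lines delivered to the server. */
static size_t run_scenario(int per_direction)
{
    static char big[LINE_LIMIT + 100];
    LineState s = { per_direction, {0, 0}, {0, 0} };
    memset(big, 'A', sizeof(big));
    feed(&s, TO_CLIENT, big, sizeof(big));
    return feed(&s, TO_SERVER, "NOOP\r\n", 6);
}

int main(void)
{
    printf("shared: %zu, per-direction: %zu\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

With the shared flag the regular command is swallowed as the tail of the long line; with per-direction flags it is delivered.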
victorjulien requested review from jasonish and a team as code owners June 8, 2023 18:34
@suricata-qa

WARNING:

SURI_TLPR1_stats_chk

| field | baseline | test | % |
|---|---|---|---|
| .flow.memuse | 579234048 | 1001635328 | 172.92% |
| .tcp.synack | 6809615 | 6047299 | 88.81% |
| .tcp.rst | 4872947 | 4600901 | 94.42% |

Pipeline 14331

victorjulien merged commit 2e4aade into OISF:master-6.0.x Jun 9, 2023
25 of 27 checks passed
victorjulien deleted the next/60x/20230608/v2 branch June 16, 2023 07:05
4 participants