-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Printable/v13 #9885
Printable/v13 #9885
Conversation
Needed a workaround cast for RBTREE use.
Modeled after the same option in eve/alert. Defaults to 4k.
This avoids looping over partly duplicate segments that cause output data corruption by logging parts of the stream data multiple times. For data with GAPs now add a indicator '[4 bytes missing]' similar to how Wireshark does it. Bug: OISF#6553.
Don't init buffer to 0 size but use the desired default of 4k.
In preparation of stream logging changes.
Log using stream callback API, meaning that data will also be logged if there are GAPs. Also implement GAP indicators: '[123 bytes missing]'.
For better readability and type checking.
ssn, stream, FrameJsonStreamDataCallback, &cbd, frame->offset, &unused, false); | ||
/* if we have all data, but didn't log until the end of the frame, we have a gap at the | ||
* end of the frame | ||
* TODO what about not logging due to buffer full? */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could perhaps end with something like [3124 more bytes]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or simpler, just something like [...]
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #9885 +/- ##
==========================================
- Coverage 82.45% 82.43% -0.02%
==========================================
Files 972 972
Lines 273057 273102 +45
==========================================
- Hits 225156 225143 -13
- Misses 47901 47959 +58
Flags with carried forward coverage won't be shown. Click here to find out more. |
Information: QA ran without warnings. Pipeline 16719 |
Replaced by #10261 |
https://redmine.openinfosecfoundation.org/issues/6553
SV_BRANCH=OISF/suricata-verify#1493
replaces #9854