Printable/v13 #9885

Closed
wants to merge 14 commits into from

victorjulien
Member

https://redmine.openinfosecfoundation.org/issues/6553

SV_BRANCH=OISF/suricata-verify#1493

replaces #9854

  • rebase
  • reimplement frame logging
  • membuffer cleanups
  • minor fixes and cleanups

Needed a workaround cast for RBTREE use.

Modeled after the same option in eve/alert. Defaults to 4k.

This avoids looping over partly duplicate segments that cause
output data corruption by logging parts of the stream data multiple
times.

For data with GAPs now add an indicator '[4 bytes missing]' similar
to how Wireshark does it.

Bug: OISF#6553.

Don't init buffer to 0 size but use the desired default of 4k.

In preparation of stream logging changes.

Log using stream callback API, meaning that data will also
be logged if there are GAPs.

Also implement GAP indicators: '[123 bytes missing]'.

For better readability and type checking.
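
The overlap skipping and gap indicator described in the commit messages above, as an added example that is not code from this pull request or from Suricata. `struct seg` and `render_stream` are hypothetical names, segments are assumed to be sorted by stream offset, and the sample data is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct seg { /* hypothetical type for this example, not Suricata's own */
    uint64_t offset; /* absolute stream offset of data[0] */
    const char *data;
    uint32_t len;
};
/* Render segments (sorted by offset) as printable text into out[cap].
 * Bytes below the cursor are skipped so overlapping data is logged once;
 * holes become "[N bytes missing]". Returns bytes written, NUL-terminated. */
size_t render_stream(const struct seg *s, size_t n, char *out, size_t cap)
{
    uint64_t cur = 0; /* next stream offset still to be logged */
    size_t w = 0;
    if (cap == 0)
        return 0;
    for (size_t i = 0; i < n && w + 1 < cap; i++) {
        uint64_t end = s[i].offset + s[i].len;
        if (end <= cur)
            continue; /* fully duplicate segment */
        if (s[i].offset > cur) { /* hole before this segment */
            int r = snprintf(out + w, cap - w, "[%llu bytes missing]",
                    (unsigned long long)(s[i].offset - cur));
            if (r < 0 || (size_t)r >= cap - w) {
                w = (r < 0) ? w : cap - 1; /* marker truncated: buffer full */
                break;
            }
            w += (size_t)r;
            cur = s[i].offset;
        }
        for (uint64_t o = cur; o < end && w + 1 < cap; o++) {
            unsigned char c = (unsigned char)s[i].data[o - s[i].offset];
            out[w++] = isprint(c) ? (char)c : '.'; /* non-printable -> '.' */
        }
        cur = end;
    }
    out[w] = '\0';
    return w;
}

int main(void)
{
    /* Constructed sample: overlap at offsets 4-5, 4 bytes missing at 10-13. */
    struct seg s[] = { {0, "GET /i", 6}, {4, "/index", 6}, {14, " HTTP", 5} };
    char out[64];
    render_stream(s, 3, out, sizeof(out));
    puts(out);
}
```
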
ssn, stream, FrameJsonStreamDataCallback, &cbd, frame->offset, &unused, false);
/* if we have all data, but didn't log until the end of the frame, we have a gap at the
* end of the frame
* TODO what about not logging due to buffer full? */
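Review bot: the TODO in the comment after the call leaves an ambiguity open: if logging stopped before the end of the frame because the output buffer was full rather than because stream data was missing, the condition described here would still be treated as a gap at the end of the frame. Suggest having the callback record in cbd that it stopped on a full buffer and emitting a distinct marker for that case, so the log distinguishes missing stream data from output that was cut short.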
Member Author

could perhaps end with something like [3124 more bytes]

Member Author

or simpler, just something like [...]

codecov bot commented Nov 24, 2023

Codecov Report

Merging #9885 (8cdb514) into master (d005fff) will decrease coverage by 0.02%.
The diff coverage is 85.33%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9885      +/-   ##
==========================================
- Coverage   82.45%   82.43%   -0.02%     
==========================================
  Files         972      972              
  Lines      273057   273102      +45     
==========================================
- Hits       225156   225143      -13     
- Misses      47901    47959      +58     
Flag Coverage Δ
fuzzcorpus 64.35% <80.66%> (-0.02%) ⬇️
suricata-verify 61.10% <84.00%> (+0.01%) ⬆️
unittests 62.91% <0.66%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa

Information: QA ran without warnings.

Pipeline 16719

@victorjulien victorjulien mentioned this pull request Nov 27, 2023
@victorjulien
Member Author

Replaced by #10261
