dns: improved handling of corrupt additionals #11752
Conversation
Ticket: 7228 That means log the rest of queries and answers, even if the final field additionals is corrupt. Set an event in this case.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #11752 +/- ##
==========================================
- Coverage 82.63% 82.62% -0.02%
==========================================
Files 919 919
Lines 248943 248971 +28
==========================================
- Hits 205716 205704 -12
- Misses 43227 43267 +40
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: ERROR: QA failed on SURI_TLPR1_alerts_cmp.
Pipeline 22522 |
|
@ct0br0 could I get the pcap for the 30 flows with app_layer.error.dns_tcp.parser ? |
|
ya, will try to extract those in a few. |
| match authorities_parsed { | ||
| Ok((i, authorities_ok)) => { | ||
| authorities = authorities_ok; | ||
| i_next = i; | ||
| } | ||
| _ =>{ | ||
| invalid_authorities = true; | ||
| } | ||
| } |
There was a problem hiding this comment.
nit: if let Ok would look better to the eye.
There was a problem hiding this comment.
Indeed, will do
I get 0 errors with master instead of 30 as reported by QA. |
|
Next in #11785 |
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7228
Describe changes:
Provide values to any of the below to override the defaults.
SV_BRANCH=OISF/suricata-verify#2032
#11746 with review taken into account like using
invalidinstead ofcorrupt