Decouple stream bypass from TLS encrypted bypass v3 #11801

Open
wants to merge 4 commits into
base: master

lukashino
Contributor

Following up on #10464

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6788

Describe changes:

  • added SSH app-layer option encryption-handling, allowing one to choose whether to continue inspection on SSH once it turns encrypted
  • added SV tests
  • minor docs updates

SV_BRANCH=OISF/suricata-verify#2047

Lukas Sismis and others added 4 commits September 19, 2024 10:18
Decouple app.protocols.tls.encryption-handling and stream.bypass.
There's no apparent reason why encrypted TLS bypass traffic should
depend on stream bypass, as these are unrelated features.

Ticket: 6788

NOTE: This PR may contain new authors.


codecov bot commented Sep 19, 2024

Codecov Report

Attention: Patch coverage is 89.28571% with 3 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@1420c83). Learn more about missing BASE report.

Additional details and impacted files
@@            Coverage Diff            @@
##             master   #11801   +/-   ##
=========================================
  Coverage          ?   82.59%           
=========================================
  Files             ?      919           
  Lines             ?   249030           
  Branches          ?        0           
=========================================
  Hits              ?   205675           
  Misses            ?    43355           
  Partials          ?        0           
| Flag | Coverage Δ |
|---|---|
| fuzzcorpus | 60.44% <32.14%> (?) |
| livemode | 18.71% <17.85%> (?) |
| pcap | 44.14% <32.14%> (?) |
| suricata-verify | 61.91% <89.28%> (?) |
| unittests | 58.98% <32.14%> (?) |

Flags with carried forward coverage won't be shown. Click here to find out more.

@msdean

msdean commented Sep 19, 2024

Awesome, thank you for picking this up.

@suricata-qa

WARNING:

| field | baseline | test | % |
|---|---|---|---|
| SURI_TLPR1_stats_chk | | | |
| .uptime | 649 | 626 | 96.46% |
| .flow.end.state.local_bypassed | 26013 | 17669 | 67.92% |

Pipeline 22744

@lukashino
Contributor Author

I believe this is due to SSH connections not being bypassed. If the config has stream bypass configured, then the SSH encryption handling setting would also need to be changed to bypass to get back to the same results. The default value is to not bypass SSH connections.
