Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

next/580/20240920/v1 #11804

Merged
merged 10 commits into from
Sep 20, 2024
Merged

next/580/20240920/v1 #11804

merged 10 commits into from
Sep 20, 2024

Conversation

victorjulien
Copy link
Member

jmtaylor90 and others added 10 commits September 20, 2024 11:49
@jmtaylor90 @victorjulien
doc: add note about big endian for icmp_seq match
f46a877
@catenacyber @victorjulien
detect: safety for app-layer logging of stream-only rules
de9413c 
If a stream-only rule matches, and we find a tx where we
want to log the app-layer data, store into the tx data that
we already logged, so that we do not log again the app-layer metadata

Ticket: 7085
@victorjulien
eve/flow: log flow state directly
b3ed752 
No need to first turn it into a flags field.
@victorjulien
eve/flow: turn error into debug assertion
51392a6 
In case this hits logging an error is harmful, better to silently
continue.

Remove use of `default` to help the compiler flag new enum additions.
@jufajardini @victorjulien
doc/configuration: improve emergency-recovery docs
ef63aa5 
When removing mentions to `prune-flows` a few inconsistencies for how
we write and refer to `emergency-recovery` were left behind, still.
@jufajardini @victorjulien
pgsql: apply rust fmt changes
7aeb718
@jufajardini @victorjulien
pgsql: order StateProgress enum per direction
3ba1794 
Related to
Bug OISF#7113
@jufajardini @victorjulien
pgsql: use new API style for extern C functions
2c7824a
@jufajardini @victorjulien
pgsql: track transaction progress per direction
dcccbb1 
PGSQL's current implementation tracks the transaction progress without
taking into consideration flow direction, and also has indirections
that make it harder to understand how the progress is tracked, as well
as when a request or response is actually complete.

This patch introduces tracking such progress per direction and adds
completion status per direction, too. This will help when triggering
raw stream reassembly or for unidirectional transactions, and may be
useful when we implement sub-protocols that can have multiple requests
per transaction, as well.

CancelRequests and TerminationRequests are examples of unidirectional
transactions. There won't be any responses to those requests, so we can
also mark the response side as done, and set their transactions as
completed.

Bug OISF#7113
@jufajardini @victorjulien
pgsql: trigger raw stream reassembly at tx completion
2b1ad81 
Once we are tracking tx progress per-direction for PGSQL, we can trigger
the raw stream reassembly, for detection purposes, as soon as the
transactions are completed in the given direction.

Task OISF#7000
@codecov Codecov
Copy link

codecov bot commented Sep 20, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 97.18876% with 14 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@1420c83). Learn more about missing BASE report.
Report is 10 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master   #11804   +/-   ##
=========================================
  Coverage          ?   82.59%           
=========================================
  Files             ?      919           
  Lines             ?   249091           
  Branches          ?        0           
=========================================
  Hits              ?   205738           
  Misses            ?    43353           
  Partials          ?        0
Flag Coverage Δ
fuzzcorpus 60.49% <93.07%> (?)
livemode 18.69% <5.19%> (?)
pcap 43.49% <8.87%> (?)
suricata-verify 61.94% <85.93%> (?)
unittests 59.00% <74.69%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

jufajardini
jufajardini approved these changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • All original PRs approved
  • commits match
  • number of removed and added lines match
  • all checks pass

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 22757

@victorjulien victorjulien merged commit 2b1ad81 into OISF:master Sep 20, 2024
59 checks passed
This was referenced Sep 20, 2024
Closed
Closed
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/580/20240920/v1 branch September 20, 2024 17:22
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@jufajardini jufajardini jufajardini approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@victorjulien @suricata-qa @jufajardini @jmtaylor90 @catenacyber