next/628/20241106/v1 #12094

Merged
merged 19 commits into from
Nov 7, 2024

victorjulien
Member

catenacyber and others added 19 commits November 6, 2024 21:33
md5, sha1 and sha256

Ticket: 7229

Don't tag the session as gap'd when the GAP is in a precise location:

1. in "skip" data, where the GAP just fits the skip data

2. in file data, where we pass the GAP on to the file

This reduces load of GAP post-processing that is unnecessary in these
cases.

Use `lru` crate. Rename to reflect this.

Add `app-layer.protocols.smb.max-guid-cache-size` to control the max
size of the LRU cache.

Ticket: OISF#5672.

Rename to read_offset_cache.

Add `app-layer.protocols.smb.max-read-offset-cache-size` option to
control the limit.

Ticket: OISF#5672.

Turn the map mapping the smb session key to smb tree into a lru cache,
limited to 1024 by default.

Add `app-layer.protocols.smb.max-tree-cache-size` option to control the
limit.

Ticket: OISF#5672.

Reimplement the ssnguid2vec_map HashMap as a LruCache.

Since this is a DCERPC record cache, name it as such.

Default size is 128. Can be controlled by
`app-layer.protocols.smb.max-dcerpc-frag-cache-size`.

Ticket: OISF#5672.

Generic ssn2vec_map was a HashMap used for mapping session key to
different types of vector data:
- GUID
- filename
- share name

Turn this into a bounded LruCache. Rename to ssn2vec_cache.

Size of the cache is 512 by default, and can be configured using:

`app-layer.protocols.smb.max-session-cache-size`

Ticket: OISF#5672.

codecov bot commented Nov 6, 2024

Codecov Report

Attention: Patch coverage is 88.85794% with 120 lines in your changes missing coverage. Please review.

Project coverage is 83.23%. Comparing base (dd71ef0) to head (278dc24).
Report is 19 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12094      +/-   ##
==========================================
- Coverage   83.25%   83.23%   -0.03%     
==========================================
  Files         910      906       -4     
  Lines      257571   257647      +76     
==========================================
+ Hits       214450   214458       +8     
- Misses      43121    43189      +68     
| Flag | Coverage | Δ |
|---|---|---|
| fuzzcorpus | 61.20% <79.78%> | (+0.03%) ⬆️ |
| livemode | 19.42% <21.07%> | (+0.01%) ⬆️ |
| pcap | 44.43% <48.38%> | (-0.05%) ⬇️ |
| suricata-verify | 62.70% <73.33%> | (-0.08%) ⬇️ |
| unittests | 59.28% <46.42%> | (-0.07%) ⬇️ |

Member

@jasonish jasonish left a comment

Have not reviewed the transform changes myself, but merge looks OK.

@suricata-qa

Information: QA ran without warnings.

Pipeline 23276

@victorjulien victorjulien merged commit 278dc24 into OISF:master Nov 7, 2024
61 checks passed
@victorjulien victorjulien deleted the next/628/20241106/v1 branch November 7, 2024 05:44