next/733/20250219/v1 #12625
Merged
next/733/20250219/v1 #12625
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For setting s->init_data for flowbit rules impacted by `set`, we can first check whether this will be needed, and *then* walk over the flowbits array.
Flowbits can make a rule such as a packet rule be treated as a stateful rule, without actually changing the rule type. Add a flag to allow reporting such cases via engine analysis. Task OISF#7456
Ticket: 7560 When passing INT32_MIN aka 0x80000000, we cannot compute -vali as it does not fit into a i32
for flow.pkts and flow.bytes keywords Ticket: 7562 Avoid null deref when parsing flow.bytes:toserver;
Remove comparisons with true or false with C bools.
Some backend messages can be the shortest pgsql length possible, 4 bytes, but the parser expectd all messages to be longer than that. Related to Bug OISF#5524
The initial parsing for message type checking was more complex than needed be. Related to Bug OISF#5524
Building on top of work done by Jason Ish. Related to Bug OISF#5524
Even if unknown, if the message is properly parsed, allow the parser to proceed. Related to Bug OISF#5524
This allows the app-proto to continue onto parsing next PDUs, if possible. Bug OISF#5524
Events for: - parsing error when parsing pgsql packet length - parsing error for pgsql requests (post length parsing) - parsing error for pgsql responses (post length parsing) - too many transactions Include `pgsql-events.rules` file, and PGSQL events SID range definition Task OISF#5566
This may happen in some situations if the app-layer parser only sees unknown messages and sets an event: there will be an empty transaction, but nothing to log. Related to Task OISF#5566
Use the expanded form of localstatedir in autoconf.h instead of the
unexpanded one, the difference being:
#define LOCAL_STATE_DIR "${prefix}/var"
and
#define LOCAL_STATE_DIR "/usr/local/var"
assuming default ./configure arguments.
Fixes commit b6a610d.
victorjulien
requested review from
jufajardini,
jasonish and
a team
as code owners
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12625 +/- ##
==========================================
+ Coverage 80.74% 80.77% +0.03%
==========================================
Files 931 932 +1
Lines 259144 259286 +142
==========================================
+ Hits 209242 209437 +195
+ Misses 49902 49849 -53
Flags with carried forward coverage won't be shown. Click here to find out more. |
catenacyber
approved these changes
Feb 19, 2025
|
Information: QA ran without warnings. Pipeline 24784 |
This was referenced Feb 19, 2025
This was referenced Feb 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Staging:
SV_BRANCH=OISF/suricata-verify#2306