Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/739/20250219/v1 #12631

Merged
merged 11 commits into from
Feb 20, 2025
Merged

next/739/20250219/v1 #12631

merged 11 commits into from
Feb 20, 2025

Conversation

victorjulien
Copy link
Member

@catenacyber @victorjulien
http: aliases for opaque htp_tx_data_t
e079604 
In preparation of libhtp rust
@catenacyber @victorjulien
http: aliases for opaque htp_conn_t
486bdc9 
In preparation of libhtp rust
@catenacyber @victorjulien
http: constify some variables
62a4254 
In preparation of libhtp rust
@catenacyber @victorjulien
http: aliases for htp log code
9e73de3 
In preparation of libhtp rust
@catenacyber @victorjulien
htp: macro hygiene
649f30b 
make clang-tidy happy even if unneeded for the temporary workaround
@catenacyber @victorjulien
quic: rustfmt
294a33a
@catenacyber @victorjulien
quic: move all_consuming check to callee
ee04d66 
Will alow to have decode_frames accept one additional parameter
with past fragment data
@catenacyber @victorjulien
quic: parse ack frame number 3
68adc87 
cf rfc9000 section 19.3. ACK Frames

Ticket: 7556
@catenacyber @victorjulien
quic: handle fragmented hello over multiple packets
f295cc0 
Ticket: 7556

To do so, we need to add 2 buffers (one for each direction)
to the QuicState structure, so that on parsing the second packet
with hello/crypto fragment, we still have the data of the first
hello/crypto fragment.

Use a hardcoded limit so that these buffers cannot grow indefinitely
and set an event when reaching the limit
@catenacyber @victorjulien
quic: handle retry packets
6d8910d 
Ticket: 7556
@catenacyber @victorjulien
quic: decrypt only initial packets
d61f36c 
Ticket: 7556

Avoids failed_decrypt events when the first packet seen is not
a Quic Initial packet
@victorjulien victorjulien requested review from catenacyber and a team as code owners February 19, 2025 19:32
@codecov Codecov
Copy link

codecov bot commented Feb 19, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 93.48659% with 17 lines in your changes missing coverage. Please review.

Project coverage is 80.76%. Comparing base (6fc617c) to head (d61f36c).
Report is 11 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12631      +/-   ##
==========================================
- Coverage   80.77%   80.76%   -0.02%     
==========================================
  Files         932      932              
  Lines      259286   259381      +95     
==========================================
+ Hits       209437   209484      +47     
- Misses      49849    49897      +48
Flag Coverage Δ
fuzzcorpus 57.00% <76.17%> (-0.01%) ⬇️
livemode 19.36% <5.46%> (-0.02%) ⬇️
pcap 44.15% <87.10%> (+<0.01%) ⬆️
suricata-verify 63.48% <89.45%> (+<0.01%) ⬆️
unittests 58.33% <61.68%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
.app_layer.error.quic.parser 35 0 -
.app_layer.tx.quic 995 1030 103.52%
SURI_TLPR1_stats_chk
.uptime 648 627 96.76%

Pipeline 24803

@inashivb
Copy link
Member

WARNING:
field baseline test %
SURI_TLPW1_stats_chk
.app_layer.error.quic.parser 35 0 -
.app_layer.tx.quic 995 1030 103.52%
SURI_TLPR1_stats_chk
.uptime 648 627 96.76%

Pipeline 24803

QA never finished running on the staged PR. Are these stats deviations expected? #12617 ran w/o warnings

@victorjulien
Copy link
Member Author

QA never finished running on the staged PR. Are these stats deviations expected? #12617 ran w/o warnings

I'd say yes, as the whole point of this effort was to get rid of parsing errors on valid traffic. It might be good to get pcaps from TLPW1 to confirm, but I'd like to get this merged in the meantime. We can do further refinement incrementally if necessary.

inashivb
inashivb approved these changes Feb 20, 2025
View reviewed changes
Copy link
Member

@inashivb inashivb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@victorjulien
Copy link
Member Author

@ct0br0 can you extract those pcaps and share them with @catenacyber ?

Additionally, can you prep the baseline update? Thanks!

@victorjulien victorjulien added the needs baseline update QA will need a new base line label Feb 20, 2025
@victorjulien victorjulien merged commit d61f36c into OISF:master Feb 20, 2025
60 checks passed
This was referenced Feb 20, 2025
Closed
Closed
@victorjulien victorjulien deleted the next/739/20250219/v1 branch February 20, 2025 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inashivb inashivb inashivb approved these changes

@catenacyber catenacyber Awaiting requested review from catenacyber catenacyber is a code owner

Assignees
No one assigned
Labels
needs baseline update QA will need a new base line
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@victorjulien @suricata-qa @inashivb @catenacyber