Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/742/20250221/v1 #12653

Merged
merged 11 commits into from
Feb 21, 2025
Merged

next/742/20250221/v1 #12653

merged 11 commits into from
Feb 21, 2025

Conversation

victorjulien
Copy link
Member

catenacyber and others added 11 commits February 21, 2025 14:57
@catenacyber @victorjulien
util: fix -Wshorten-64-to-32 warnings
359f736 
Ticket: OISF#6186
@AkakiAlice @victorjulien
misc: fix name prefix in detect register functions
7b350e9
@AkakiAlice @victorjulien
doc: replace 'eve' with 'EVE' in the LDAP keywords documentation
31ee18b
@AkakiAlice @victorjulien
doc: use the ldap protocol in rule examples in the LDAP keywords docu…
8f807fc 
…mentation
@AkakiAlice @victorjulien
detect: add ldap.request.dn
16dcee4 
ldap.request.dn matches on LDAPDN from request operations
This keyword maps the following eve fields:
ldap.request.bind_request.name
ldap.request.add_request.entry
ldap.request.search_request.base_object
ldap.request.modify_request.object
ldap.request.del_request.dn
ldap.request.mod_dn_request.entry
ldap.request.compare_request.entry
It is a sticky buffer
Supports prefiltering

Ticket: OISF#7471
@AkakiAlice @victorjulien
detect: add ldap.responses.dn
73ae6e9 
ldap.responses.dn matches on LDAPDN from responses operations
This keyword maps the following eve fields:
ldap.responses[].search_result_entry.base_object
ldap.responses[].bind_response.matched_dn
ldap.responses[].search_result_done.matched_dn
ldap.responses[].modify_response.matched_dn
ldap.responses[].add_response.matched_dn
ldap.responses[].del_response.matched_dn
ldap.responses[].mod_dn_response.matched_dn
ldap.responses[].compare_response.matched_dn
ldap.responses[].extended_response.matched_dn
It is a sticky buffer
Supports prefiltering

Ticket: OISF#7471
@jasonish @victorjulien
rust/bindgen: use temp file to generating bindings
4cdb879 
Prefixing a file with sed doesn't appear to be portable. Instead, make
use of a temporary file.

Fixes generating the bindings on FreeBSD and Mac.
@inashivb @victorjulien
dcerpc: add iface to dcerpc request event
a551674 
so as to avoid extra steps for correlation among events to find
this information.

Feature 7565
@jlucovsky @victorjulien
detect/transform: Refactor setup/apply pattern
e45204a 
git grep -A 1 -w InspectionBufferSetup shows many cases of the following
call patterns:
    - InspectionBufferSetup
    - InspectionBufferApplyTransforms

Refactor the implementations of those functions into
InspectionBufferSetupAndApplyTransforms to reduce function call count.

Issue: 2290 (related to changed for this issue)
@catenacyber @victorjulien
quic: discard late retry packets
726de55 
Ticket: 7556

See RFC 9000 section 17.2.5.2 :
After the client has received and processed an Initial
or Retry packet from the server,
it MUST discard any subsequent Retry packets that it receives.
@catenacyber @victorjulien
rust: fix clippy 1.85 precedence warnings
3bc2a14 
warning: operator precedence can trip the unwary
   --> src/jsonbuilder.rs:781:36
    |
781 |                 buf[offset] = HEX[(x >> 4 & 0xf) as usize];
    |                                    ^^^^^^^^^^^^ help: consider parenthesizing your expression: `(x >> 4) & 0xf`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#precedence
    = note: `#[warn(clippy::precedence)]` on by default
@codecov Codecov
Copy link

codecov bot commented Feb 21, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 87.81609% with 53 lines in your changes missing coverage. Please review.

Project coverage is 80.77%. Comparing base (d61f36c) to head (3bc2a14).
Report is 11 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12653      +/-   ##
==========================================
+ Coverage   80.76%   80.77%   +0.01%     
==========================================
  Files         932      932              
  Lines      259381   259517     +136     
==========================================
+ Hits       209484   209629     +145     
+ Misses      49897    49888       -9
Flag Coverage Δ
fuzzcorpus 56.99% <58.52%> (-0.02%) ⬇️
livemode 19.37% <19.81%> (+0.01%) ⬆️
pcap 44.15% <48.84%> (+<0.01%) ⬆️
suricata-verify 63.51% <79.08%> (+0.02%) ⬆️
unittests 58.32% <35.25%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

jasonish
jasonish approved these changes Feb 21, 2025
View reviewed changes
Copy link
Member

@jasonish jasonish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Staging looks OK.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 24847

@victorjulien victorjulien merged commit 3bc2a14 into OISF:master Feb 21, 2025
60 checks passed
This was referenced Feb 21, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/742/20250221/v1 branch February 21, 2025 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish approved these changes

@catenacyber catenacyber Awaiting requested review from catenacyber catenacyber is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@victorjulien @suricata-qa @jasonish @catenacyber @AkakiAlice @inashivb @jlucovsky