Skip to content

Backports/70x/v8#10278

Merged
victorjulien merged 3 commits intoOISF:main-7.0.xfrom
victorjulien:backports/70x/v8
Feb 6, 2024
Merged

Backports/70x/v8#10278
victorjulien merged 3 commits intoOISF:main-7.0.xfrom
victorjulien:backports/70x/v8

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Jan 30, 2024

backport of #10160

Did skip 87767fe as it caused various test failures.

@catenacyber @victorjulien
detect: avoids case of useless detection on txs
f19b3a8 
When a TCP flow packet has not led to app-layer updates,
it is useless to run DetectRunTx, as there cannot be new
matches.

This happens for instance, when one side sends in a row multiple
packets which are not acked (and thus not parsed in IDS mode).

Doing so requires to move up the call to
AppLayerParserSetTransactionInspectId
so that it is run the same times DetectRunTx is run, and not in the
case where the transaction was not updated.

Ticket: 6299
(cherry picked from commit 9240ae2)
@catenacyber @victorjulien
detect: merge sorted lists instead of qsort
f4910de 
Ticket: OISF#6299

Simply because it is faster (just linear).

This is for merging match_array into tx_candidates

(cherry picked from commit 5bb8800)
@catenacyber @victorjulien
mqtt: fix logic when setting event
3cdd500 
Especially sets transactions to complete when we get a response
without having seen the request, so that the transactions
end up getting cleaned (instead of living/leaking in the state).

Also try to set the event on the relevant transaction, instead
of creating a new transaction just for the purpose of having
the event.

Ticket: OISF#6299
(cherry picked from commit 89936b6)
@suricata-qa
Copy link

suricata-qa commented Jan 30, 2024

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 173 186 107.51%

Pipeline 17878

@victorjulien victorjulien mentioned this pull request Feb 3, 2024
Merged
@victorjulien victorjulien merged commit 3cdd500 into OISF:main-7.0.x Feb 6, 2024
@victorjulien
Copy link
Member Author

victorjulien commented Feb 6, 2024

Merged in #10308, thanks!

@victorjulien victorjulien deleted the backports/70x/v8 branch February 13, 2024 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jlucovsky jlucovsky jlucovsky approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@victorjulien @suricata-qa @jlucovsky @catenacyber