next/276/70x/20240203/v1 #10308

Merged: victorjulien merged 3 commits into OISF:main-7.0.x from victorjulien:next/276/70x/20240203/v1 on Feb 6, 2024

@victorjulien (Member)

When a TCP flow packet has not led to app-layer updates,
it is useless to run DetectRunTx, as there cannot be new
matches.

This happens, for instance, when one side sends multiple packets
in a row which are not acked (and thus not parsed in IDS mode).

Doing so requires moving up the call to
AppLayerParserSetTransactionInspectId
so that it is run at the same times DetectRunTx is run, and not in the
case where the transaction was not updated.

Ticket: 6299
(cherry picked from commit 9240ae2)

Ticket: OISF#6299

Simply because it is faster (just linear).

This is for merging match_array into tx_candidates

(cherry picked from commit 5bb8800)

Especially sets transactions to complete when we get a response
without having seen the request, so that the transactions
end up getting cleaned (instead of living/leaking in the state).

Also try to set the event on the relevant transaction, instead
of creating a new transaction just for the purpose of having
the event.

Ticket: OISF#6299
(cherry picked from commit 89936b6)
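
A simplified C model of the gating described in the first commit message, added here as an illustration and not taken from the Suricata source. Every type and function name in it is hypothetical, and the packet sequence is constructed; it shows that skipping the per-transaction pass on packets that caused no app-layer update leaves matches and the inspect id unchanged while running fewer passes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Suricata code; every name below is hypothetical. */
#define MAX_TX 8
typedef struct { bool complete, matched; } Tx;
typedef struct {
    Tx tx[MAX_TX];
    size_t tx_cnt;
    size_t inspect_id;   /* first transaction that still needs inspection */
    unsigned tx_runs;    /* number of per-transaction detection passes */
} Flow;
/* acked=false models data the parser has not consumed yet (IDS mode). */
typedef struct { bool acked, completes_tx; } Pkt;

/* Returns true only when parsing changed the transaction state. */
static bool app_layer_update(Flow *f, const Pkt *p) {
    if (!p->acked || f->tx_cnt == MAX_TX) return false;
    f->tx[f->tx_cnt++].complete = p->completes_tx;
    return true;
}

/* Detection pass plus inspect-id advance, kept together in one path. */
static void inspect_txs(Flow *f) {
    f->tx_runs++;
    for (size_t i = f->inspect_id; i < f->tx_cnt; i++)
        if (f->tx[i].complete) f->tx[i].matched = true; /* toy rule */
    while (f->inspect_id < f->tx_cnt && f->tx[f->inspect_id].complete)
        f->inspect_id++;
}

/* Constructed sequence: two parsed packets around three unacked ones. */
Flow run_sequence(bool gate) {
    static const Pkt pkts[] = {{true, true}, {false, false}, {false, false},
                               {false, false}, {true, true}};
    Flow f = {0};
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        if (app_layer_update(&f, &pkts[i]) || !gate) inspect_txs(&f);
    return f;
}

/* True when both runs ended with the same matches and inspect id. */
bool same_result(Flow a, Flow b) {
    if (a.tx_cnt != b.tx_cnt || a.inspect_id != b.inspect_id) return false;
    for (size_t i = 0; i < a.tx_cnt; i++)
        if (a.tx[i].matched != b.tx[i].matched) return false;
    return true;
}

int main(void) {
    Flow all = run_sequence(false), gated = run_sequence(true);
    printf("runs: %u vs %u, same=%d\n", all.tx_runs, gated.tx_runs, same_result(all, gated));
    return 0;
}
```
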

codecov bot commented Feb 3, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (cc6319b) 82.22% compared to head (3cdd500) 82.29%.

Additional details and impacted files
@@              Coverage Diff               @@
##           main-7.0.x   #10308      +/-   ##
==============================================
+ Coverage       82.22%   82.29%   +0.07%     
==============================================
  Files             975      975              
  Lines          274789   274776      -13     
==============================================
+ Hits           225937   226131     +194     
+ Misses          48852    48645     -207     

| Flag | Coverage Δ |
|---|---|
| fuzzcorpus | 63.55% <100.00%> (+0.25%) ⬆️ |
| suricata-verify | 61.21% <85.54%> (-0.03%) ⬇️ |
| unittests | 62.90% <42.85%> (+<0.01%) ⬆️ |

Flags with carried forward coverage won't be shown.

@suricata-qa

WARNING:

| field | baseline | test | % |
|---|---|---|---|
| SURI_TLPW1_stats_chk | | | |
| .flow.spare | 999884 | 1101112 | 110.12% |
| SURI_TLPR1_stats_chk | | | |
| .http.memuse | 420960 | 375904 | 89.3% |

Pipeline 18066

@jufajardini (Contributor) left a comment

Unless the QA lab warnings are a cause for worry, this looks good to me.
Has all commits from the original PR (except the one that was skipped), nothing looks wrong.

victorjulien merged commit 3cdd500 into OISF:main-7.0.x on Feb 6, 2024
victorjulien mentioned this pull request on Feb 6, 2024
victorjulien deleted the next/276/70x/20240203/v1 branch on February 6, 2024 16:58