Skip to content

mqtt: improve rule support for detection#11995

Closed
satta wants to merge 2 commits intoOISF:masterfrom
satta:7323-mqtt-directions
Closed

mqtt: improve rule support for detection#11995
satta wants to merge 2 commits intoOISF:masterfrom
satta:7323-mqtt-directions

Conversation

@satta
Copy link
Contributor

@satta satta commented Oct 20, 2024
edited
Loading

Contribution style:

Our Contribution agreements:

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7323

Describe changes:

  • Include payloads of SUBACK in the detection of reason codes as well. This was missing before. Thanks @catenacyber for the hint.
  • Revisit detection directions and adjust toclient/toserver flags considering that some messages can also be sent from the broker to the client.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2106
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@satta satta requested a review from jasonish as a code owner October 20, 2024 09:35
@codecov
Copy link

codecov bot commented Oct 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.40%. Comparing base (55b922c) to head (bdd20ff).
Report is 46 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11995      +/-   ##
==========================================
+ Coverage   82.75%   83.40%   +0.64%     
==========================================
  Files         910      910              
  Lines      249016   257618    +8602     
==========================================
+ Hits       206069   214855    +8786     
+ Misses      42947    42763     -184
Flag Coverage Δ
fuzzcorpus 61.55% <100.00%> (+0.73%) ⬆️
livemode 19.38% <50.00%> (+0.67%) ⬆️
pcap 44.44% <50.00%> (+0.31%) ⬆️
suricata-verify 62.77% <100.00%> (+0.48%) ⬆️
unittests 59.36% <50.00%> (+0.35%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@jufajardini jufajardini mentioned this pull request Oct 24, 2024
Closed
jufajardini
jufajardini reviewed Oct 24, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, do you think that the patch for the direction, that Philippe mentioned in the ticket, should also be added?

@satta
Copy link
Contributor Author

satta commented Oct 24, 2024

Thanks, do you think that the patch for the direction, that Philippe mentioned in the ticket, should also be added?

Absolutely, working on it right now -- will then update this PR and open it for review.

@satta satta changed the title Draft: mqtt: improve rule support for detection mqtt: improve rule support for detection Oct 24, 2024
@satta
Copy link
Contributor Author

satta commented Oct 24, 2024

Removed draft status.

jufajardini
jufajardini approved these changes Oct 25, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From what I can understand, this looks good, thank you. :)

@victorjulien victorjulien added this to the 8.0 milestone Nov 4, 2024
@victorjulien victorjulien mentioned this pull request Nov 5, 2024
Merged
@victorjulien
Copy link
Member

victorjulien commented Nov 5, 2024

Merged in #12088, thanks!

@satta satta deleted the 7323-mqtt-directions branch November 6, 2024 09:52
@catenacyber
Copy link
Contributor

catenacyber commented Nov 7, 2024

Thanks @satta :-)

@satta
Copy link
Contributor Author

satta commented Nov 7, 2024

Thanks for finding these! 🤝

@catenacyber catenacyber mentioned this pull request Nov 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jufajardini jufajardini jufajardini approved these changes

@victorjulien victorjulien victorjulien approved these changes

@jasonish jasonish Awaiting requested review from jasonish

Assignees

No one assigned

Labels

None yet

Milestone

8.0

Development

Successfully merging this pull request may close these issues.

4 participants

@satta @victorjulien @catenacyber @jufajardini