Skip to content

app-layer: track modified/processed txs (backport7 v2)#12592

Closed
catenacyber wants to merge 1 commit intoOISF:main-7.0.xfrom
catenacyber:tx-track-modif-7087-backport7.2
Closed

app-layer: track modified/processed txs (backport7 v2)#12592
catenacyber wants to merge 1 commit intoOISF:main-7.0.xfrom
catenacyber:tx-track-modif-7087-backport7.2

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Feb 17, 2025

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7087

Describe changes:

Not a clean cherry-pick
Conflicts:
rust/src/applayer.rs
rust/src/enip/enip.rs
rust/src/ldap/ldap.rs
src/app-layer-smtp.c

enip.rs and ldap.rs are only in 8

Other conflict fixes while just taking the changes brought by this commit, not the ones which were done nearby in recent work

#12293 without the list of conflicts in the commit message

@catenacyber
app-layer: track modified/processed txs
ed49927 
To optimize detection, and logging, to avoid going through
all the live transactions when only a few were modified.

Two boolean fields are added to the tx data: updated_tc and ts
The app-layer parsers are now responsible to set these when
needed, and the logging and detection uses them to skip
transactions that were not updated.

There may some more optimization remaining by when we set
both updated_tc and updated_ts in functions returning
a mutable transaction, by checking if all the callers
are called in one direction only (request or response)

Ticket: 7087
(cherry picked from commit b02557a)
@catenacyber catenacyber mentioned this pull request Feb 17, 2025
Closed
@codecov
Copy link

codecov bot commented Feb 17, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 97.39130% with 3 lines in your changes missing coverage. Please review.

Project coverage is 83.27%. Comparing base (0bc09ea) to head (ed49927).
Report is 18 commits behind head on main-7.0.x.

Additional details and impacted files 
@@              Coverage Diff               @@
##           main-7.0.x   #12592      +/-   ##
==============================================
+ Coverage       83.25%   83.27%   +0.01%     
==============================================
  Files             922      922              
  Lines          261201   261304     +103     
==============================================
+ Hits           217458   217589     +131     
+ Misses          43743    43715      -28
Flag Coverage Δ
fuzzcorpus 64.31% <97.39%> (+0.07%) ⬆️
suricata-verify 63.49% <82.60%> (-0.04%) ⬇️
unittests 62.37% <45.21%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

suricata-qa commented Feb 19, 2025

ERROR:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

Pipeline 24781

@suricata-qa
Copy link

suricata-qa commented Feb 19, 2025

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 146 141 96.58%

Pipeline 24783

@victorjulien victorjulien mentioned this pull request Feb 26, 2025
Merged
@victorjulien
Copy link
Member

victorjulien commented Feb 26, 2025

Merged in #12678, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victorjulien victorjulien victorjulien approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@catenacyber @suricata-qa @victorjulien