Skip to content

Igmp/v2#14794

Closed
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v2
Closed

Igmp/v2#14794
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v2

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Feb 11, 2026

SV_BRANCH=OISF/suricata-verify#2910

https://redmine.openinfosecfoundation.org/issues/8262

Adds decoder for IGMPv1, v2, v3, plus RGMP. Adds igmp-csum keyword, igmp.hdr sticky buffer and igmp.type keyword. Misc other additions.

@victorjulien victorjulien requested a review from a team as a code owner February 11, 2026 20:40
@victorjulien victorjulien force-pushed the igmp/v2 branch 2 times, most recently from 0848568 to 05c79d5 Compare February 11, 2026 21:46
@victorjulien victorjulien marked this pull request as draft February 11, 2026 21:54
@suricata-qa
Copy link

suricata-qa commented Feb 11, 2026

Information: QA ran without warnings.

Pipeline = 29548

@suricata-qa
Copy link

suricata-qa commented Feb 12, 2026

Information: QA ran without warnings.

Pipeline = 29550

@victorjulien victorjulien force-pushed the igmp/v2 branch 2 times, most recently from eee7049 to 938c454 Compare February 12, 2026 10:05
victorjulien
victorjulien commented Feb 12, 2026
View reviewed changes
victorjulien
victorjulien commented Feb 12, 2026
View reviewed changes
src/detect-igmp-type.c
*/
void DetectIGMPTypeRegister(void)
{
sigmatch_table[DETECT_IGMP_TYPE].name = "igmp.type";
Copy link
Member Author

@victorjulien victorjulien Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rejected the idea of overloading itype as it is documented to be about ICMP

@codecov
Copy link

codecov bot commented Feb 12, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 81.08108% with 49 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.14%. Comparing base (e69c801) to head (483a501).
⚠️ Report is 33 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14794      +/-   ##
==========================================
- Coverage   82.15%   82.14%   -0.01%     
==========================================
  Files        1003     1007       +4     
  Lines      263691   263939     +248     
==========================================
+ Hits       216626   216820     +194     
- Misses      47065    47119      +54
Flag Coverage Δ
fuzzcorpus 60.16% <42.57%> (-0.04%) ⬇️
livemode 18.73% <10.44%> (-0.02%) ⬇️
netns 18.88% <10.84%> (-0.01%) ⬇️
pcap 44.59% <42.57%> (-0.06%) ⬇️
suricata-verify 65.48% <76.70%> (+0.01%) ⬆️
unittests 59.19% <15.83%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Feb 12, 2026

Information: QA ran without warnings.

Pipeline = 29563

jasonish
jasonish reviewed Feb 12, 2026
View reviewed changes
jasonish
jasonish reviewed Feb 12, 2026
View reviewed changes
@suricata-qa
Copy link

suricata-qa commented Feb 13, 2026

Information: QA ran without warnings.

Pipeline = 29568

@victorjulien
decoder/igmp: initial decoder support for IGMP
f498d68 
Basic v1, v2 and v3 header validation.

Ticket: OISF#8262.
@victorjulien
detect/proto: add igmp support
fe9335d 
So 'alert igmp ...' can work.
@victorjulien
detect/csum: add igmp-csum keyword to match checksum
78b76b5 
Add rule to decoder-events.rules to match on bad checksums.
@victorjulien
detect/ipopts: add qs and rtralt options
0dff027 
Reordering of table and switch to match switch in parser.
@victorjulien
decoder/igmp: detect RGMP (RFC 3488)
59d2a3d 
RGMP is a dialect of IGMP that uses the same protocol structure,
but with some different values for the fields.

Detect this and log it differently.
@victorjulien
detect: add igmp.hdr keyword
a8ac639
@victorjulien
detect: add igmp.type keyword
6e60468
@victorjulien
detect/tcp.flags: minor code cleanup
7b72a65
@victorjulien
eve/igmp: add schema support for alert records
3eb4e86
@victorjulien
decoder/igmp: add decoder events
5e0ba36
@victorjulien
doc/userguide: add missing ipopts values
580b4a4
@suricata-qa
Copy link

suricata-qa commented Feb 13, 2026

Information: QA ran without warnings.

Pipeline = 29569

@suricata-qa
Copy link

suricata-qa commented Feb 13, 2026

Information: QA ran without warnings.

Pipeline = 29573

@victorjulien victorjulien mentioned this pull request Feb 18, 2026
Closed
@victorjulien
Copy link
Member Author

victorjulien commented Feb 18, 2026

Rebased in #14834

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish jasonish left review comments

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini will be requested when the pull request is marked ready for review jufajardini is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@victorjulien @suricata-qa @jasonish