capture-bypass: force check statistics of bypassed flows v1#15332
Open
This commit forces a timeout check of all flows in the flow table at the shutdown stage of Suricata. Gathering of capture-bypassed flow statistics was left to the bypass capture method via the BypassUpdate callback. Until now, capture-bypassed flows that did not time out had their statistics unchecked in the period between the last check and shutdown. This commit forces gathering of statistics from these flows.

Ticket: 8440
Description
This PR resolves an issue where Suricata did not collect statistics from capture-bypassed flows in the period from the last timeout check to shutdown. For example, if a flow were bypassed and Suricata shut down before a timeout check, the statistics from the bypassed part of the flow would not be counted toward the overall bypassed flow statistics.
Solution:
While using capture-bypass, force FlowManager to perform a final timeout check of all flows at shutdown to gather statistics for all capture-bypassed flows.
Changes:
BypassUpdate() on capture-bypassed flows

SV_BRANCH=OISF/suricata-verify#3027
Links to ticket: 8440