Merged
Conversation
Ticket: 8333 Allows to pass on pseudo packets So, that a ruleset like pass ssh any any -> any any (geoip:any,US,IN; sid: 1;) drop ip any any -> any any (flow:established, to_server; sid:2;) Does not lead to a drop on the pseudo-packet when we flush because ssh traffic gets encrypted
Add flushing logic driven off of the file contexts. This is a simpler solution that removes the need for logger registration changes. Overview: Use the heartbeat-driven thread to periodically flush all registered EVE contexts via a global flush list. The global flush list is a mutex-protected TAILQ of LogFileFlushEntry nodes; each node points to a LogFileCtx. Mutex = log_file_flush_mutex Periodic flushing performed by a thread according to the heartbeat.output-flush-interval [1,60]. LogFileFlushAll() is invoked to initiate flushing of registered LogFileCtx structs; each struct's fp_mutex is obtained while the flush occurs to synchronize with LogFileWrite activity. Interacts with file-rotation via the fp_mutex. Deadlock prevention: the log_file_flush_mutex must be obtained before the fp_mutex. Issue: 8286
Remove packet-based flush logic in favor of simpler solution Issue: 8286
Remove log flush functions and update registration logic as context-based flushing doesn't require it. Issue: 8286
Update output flushing description to reflect EVE based approach in documentation and config template. Issue: 8286
Apply zero-padding to Napatech worker threads so alphanumeric sorting displays workers in proper order. Set padding for thread names according to stream count: 1-9 streams: no padding, e.g, nt1, nt9 10-99 streams: use padding, e.g, nt01, nt99 100-999 streams: use padding, e.g, nt001, nt099, nt999 This will insure that thread names, when sorted alphanumerically, maintain thread worker id order. Issue: 8337
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #15091 +/- ##
=======================================
Coverage 82.61% 82.61%
=======================================
Files 990 990
Lines 271655 271581 -74
=======================================
- Hits 224415 224375 -40
+ Misses 47240 47206 -34
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
jufajardini
approved these changes
Mar 24, 2026
|
Information: QA ran without warnings. Pipeline = 30506 |
jasonish
approved these changes
Mar 24, 2026
This was referenced Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Staging:
SV_BRANCH=OISF/suricata-verify#2984