Next/20220727/v8 by victorjulien · Pull Request #7653 · OISF/suricata

victorjulien · 2022-07-28T06:31:20Z

Staging:

replaces #7650

suricata-verify-pr: 894

replaces #7652, fixing a newly introduced include issue

alert_queue_overflow and alerts_suppressed were not being reinitialized when there was a reload of Suricata rules, leading to non-valid stats counters if that happened. Bug OISF#5457

As reported by Shchelk

Bumps [actions/cache](https://github.com/actions/cache) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@c3f1317...0865c47) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

The image describing Suricata's sliding window had two of the "packets" with the same text. Now they actually give the sense of a sliding window. This was found by Zhiyuan-liao.

Ticket: OISF#5167

codecov · 2022-07-28T06:44:41Z

Codecov Report

Merging #7653 (6f8ca41) into master (f8bf581) will increase coverage by 0.00%.
The diff coverage is 95.00%.

@@           Coverage Diff           @@
##           master    #7653   +/-   ##
=======================================
  Coverage   75.75%   75.76%           
=======================================
  Files         659      659           
  Lines      185743   185748    +5     
=======================================
+ Hits       140713   140726   +13     
+ Misses      45030    45022    -8

Flag	Coverage Δ
fuzzcorpus	`60.18% <85.00%> (+0.03%)`	⬆️
suricata-verify	`52.50% <85.00%> (+0.07%)`	⬆️
unittests	`60.70% <0.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

suricata-qa · 2022-07-28T10:45:03Z

Information: QA ran without warnings.

Pipeline 8368

If for the same a packet a drop rule and a pass rule would match, the applying of actions could be contradictionary: - the drop would be applied to the packet - the pass rule would also be considered, not overriding the drop, but still setting the flow pass flag. This would lead to the packet being dropped, but the rest of the flow getting passed, including retransmissions of the dropped packet. This patch only sets drop/pass actions if no conflicting action has been set on the packet before. It respects the action-order. Bug: OISF#7653.

If for the same a packet a drop rule and a pass rule would match, the applying of actions could be contradictionary: - the drop would be applied to the packet - the pass rule would also be considered, not overriding the drop, but still setting the flow pass flag. This would lead to the packet being dropped, but the rest of the flow getting passed, including retransmissions of the dropped packet. This patch only sets drop/pass actions if no conflicting action has been set on the packet before. It respects the action-order. Bug: OISF#7653. Fix based on: 57b17fb ("detect: don't set conflicting packet/flow actions")

jufajardini and others added 19 commits July 25, 2022 20:51

detect/engine: init alert queue counters on reload

93c2c97

alert_queue_overflow and alerts_suppressed were not being reinitialized when there was a reload of Suricata rules, leading to non-valid stats counters if that happened. Bug OISF#5457

src: rework includes as per cppclean

02f2602

src: remove unused header files

4411ef7

util: fix integer warnings in profiling

36b1344

ci: checks include are necessary in github

e69e99f

profiling: minor code cleanups

21f7677

includes: minor cleanups

0ec9379

detect: update copyright years

08e349a

detect/cip: remove dead code

ad76502

detect: reduce datatype scope for various keywords

9fa0033

threads: cleaner code with one instruction per line

adeb1fd

As reported by Shchelk

userguide: fix typo in inline mode illustration

f9c9091

The image describing Suricata's sliding window had two of the "packets" with the same text. Now they actually give the sense of a sliding window. This was found by Zhiyuan-liao.

output: do not log empty arrays for sid

da0be16

Ticket: OISF#5167

mqtt: do not log reason_codes if there is none

262a93c

Ticket: OISF#5167

ike: do not log empty notify array

632581a

Ticket: OISF#5167

dnp3: do not log empty objects array

16fc786

Ticket: OISF#5167

quic: do not log empty cyu array

11e0eb9

Ticket: OISF#5167

detect/cip: cleanup includes

6f8ca41

victorjulien requested review from catenacyber, jasonish and jufajardini as code owners July 28, 2022 06:31

This was referenced Jul 28, 2022

Next/20220727/v2 #7650

Closed

Next/20220727/v7 #7652

Closed

victorjulien merged commit 6f8ca41 into OISF:master Jul 28, 2022

This was referenced Jul 28, 2022

userguide: fix typo in inline mode illustration - v1 #7621

Closed

Output emptyarrays 5167 v5 #7612

Closed

Include less v5 #7644

Closed

This was referenced Jul 28, 2022

Add commandline option to simulate alert queue expand failure - v3 (again) #7649

Closed

threads: cleaner code with one instruction per line #7614

Closed

victorjulien deleted the next/20220727/v8 branch July 17, 2023 11:56

victorjulien mentioned this pull request May 13, 2025

detect: don't set conflicting packet/flow actions #13222

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Next/20220727/v8#7653

Next/20220727/v8#7653
victorjulien merged 19 commits intoOISF:masterfrom
victorjulien:next/20220727/v8

victorjulien commented Jul 28, 2022

Uh oh!

codecov bot commented Jul 28, 2022

Uh oh!

suricata-qa commented Jul 28, 2022

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

Conversation

victorjulien commented Jul 28, 2022

Uh oh!

codecov bot commented Jul 28, 2022

Codecov Report

Uh oh!

suricata-qa commented Jul 28, 2022

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants