Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next/20220607/v3 #7496

Closed
wants to merge 20 commits into from
Closed

Next/20220607/v3 #7496

wants to merge 20 commits into from

Conversation

victorjulien
Copy link
Member

victorjulien and others added 20 commits June 7, 2022 10:37
@victorjulien
stream: detect spurious retransmissions early
cc4e8f0
@victorjulien
stream/rules: add example rule for pkt_spurious_retransmission
d8edea9
@victorjulien
stream/segtree: simplify error handling
13554f7 
Now that spurious retransmissions don't propegate into the reassembly
code, error handling can be simplified.
@victorjulien
stream: remove now unused tcp.insert_list_fail counter
f348458
@victorjulien
stream/reassemble: clarify error handling
b6cf799
@victorjulien
stream: clarify error handling comment
2d64ec6
@victorjulien
stream/tests: remove bad test; update failing test to new behavior
55fb2d5
@victorjulien
eve/drop: log drop reason
272afa9 
Ticket: OISF#5202.
@victorjulien
decode: turn no payload/packet inspect macros into funcs
e5daa98 
Remove unused unset macros.
@victorjulien
decode: add pass action wrapper
e2a8017
@victorjulien
exceptions: initial exception-policy implementation
c968258 
Adds a framework for setting exception policies. These would be called
when the engine reaches some kind of exception condition, like hitting
a memcap or some traffic processing error.

The policy gives control over what should happen next: drop the packet,
drop the packet and flow, bypass, etc.

Implements the policy for:

    stream: If stream session or reassembly memcaps are hit call the
    memcap policy on the packet and flow.

    flow: Apply policy when memcap is reached and no flow could be
    freed up.

    defrag: Apply policy when no tracker could be picked up.

    app-layer: Apply ppolicy if a parser reaches an error state.

All options default to 'ignore', which means the default behavior
is unchanged.

Adds commandline options: add simulation options for exceptions. These
are only exposed if compiled with `--enable-debug`.
@victorjulien
napatech: fix conf API call
b7c37e2
@catenacyber @victorjulien
ftp: fix integer warning
8f734f2 
Ticket: OISF#4516
@catenacyber @victorjulien
detect: fix integer warnings for app-layer-event
304e2ab 
Ticket: OISF#4516
@catenacyber @victorjulien
detect: fix integer warnings for content
1ec10c4 
Ticket: OISF#4516
@catenacyber @victorjulien
detect: fix integer warnings
c4427f2 
Ticket: OISF#4516
@catenacyber @victorjulien
ci: adds warning flag about integer conversions
fe39752
@catenacyber @victorjulien
detect: change InspectEngineFuncPtr2 to return uint8_t
b51cd65
@lukashino @victorjulien
bypass: fix memory leak - reassign of FlowBypassInfo
d50b136 
In some situations bypass callback is called on already bypassed
flow. This allocates FlowBypassInfo structure for the flow but
does not check if the flow already has one.

Issue: OISF#5368
@lukashino @victorjulien
bypass: af-packet: fix memory leak - reassign of EBPFBypassData
ec12be7 
AF-Packet bypass function in some situations allocates EBPF bypass data
for an already bypassed flow and assigns it to the flow without any checks

Issue: OISF#5368
@victorjulien victorjulien requested a review from a team as a code owner June 7, 2022 10:30
@suricata-qa
Copy link

ERROR:

ERROR: QA failed on tlpw1_files_sha256.

ERROR: QA failed on tlpr1_alerts_cmp.

Pipeline 7727

@victorjulien victorjulien mentioned this pull request Jun 7, 2022
Closed
@victorjulien
Copy link
Member Author

replaced by #7510

@victorjulien victorjulien deleted the next/20220607/v3 branch July 17, 2023 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@victorjulien @suricata-qa @catenacyber @lukashino