mqtt: improve rule support for detection #11995

Open
wants to merge 2 commits into
base: master

@satta satta commented Oct 20, 2024

Contribution style:

Our Contribution agreements:

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7323

Describe changes:

  • Include payloads of SUBACK in the detection of reason codes as well. This was missing before. Thanks @catenacyber for the hint.
  • Revisit detection directions and adjust toclient/toserver flags considering that some messages can also be sent from the broker to the client.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2106
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=
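
The first change described above concerns the reason codes a SUBACK carries in its payload, one per requested topic filter, after the packet identifier and property block. As an added illustration (not part of this pull request or of Suricata's code), this Rust example extracts them from an MQTT 5.0 SUBACK; the function names and the sample packet are constructed for the example.

```rust
// Added illustration; function names are hypothetical, not Suricata's.

/// Decode an MQTT variable byte integer; returns (value, bytes consumed).
fn varint(buf: &[u8]) -> Option<(usize, usize)> {
    let mut value = 0usize;
    for (i, b) in buf.iter().take(4).enumerate() {
        value |= ((*b & 0x7f) as usize) << (7 * i);
        if (*b & 0x80) == 0 {
            return Some((value, i + 1));
        }
    }
    None // truncated, or longer than the 4 bytes MQTT allows
}

/// Return the reason codes carried in the payload of an MQTT 5.0 SUBACK.
fn suback_reason_codes(pkt: &[u8]) -> Option<Vec<u8>> {
    if *pkt.first()? != 0x90 {
        return None; // not packet type 9 (SUBACK) with flags 0
    }
    let (remaining, n) = varint(&pkt[1..])?;
    let body = pkt.get(1 + n..1 + n + remaining)?;
    // Variable header: 2-byte packet identifier, then the property block.
    let (prop_len, m) = varint(body.get(2..)?)?;
    // Everything after the properties is payload: one code per topic filter.
    let payload = body.get(2 + m + prop_len..)?;
    if payload.is_empty() {
        return None; // a SUBACK must carry at least one reason code
    }
    Some(payload.to_vec())
}

/// True if any per-subscription reason code equals `wanted`.
fn suback_matches(pkt: &[u8], wanted: u8) -> bool {
    suback_reason_codes(pkt).map_or(false, |codes| codes.contains(&wanted))
}

fn main() {
    // Constructed sample: packet id 0x0001, no properties, three filters:
    // 0x00 granted QoS 0, 0x87 not authorized, 0x01 granted QoS 1.
    let pkt = [0x90, 0x06, 0x00, 0x01, 0x00, 0x00, 0x87, 0x01];
    println!("{:02x?}", suback_reason_codes(&pkt));
    println!("0x87 present: {}", suback_matches(&pkt, 0x87));
}
```

A matcher that inspects only a single header-level reason code would miss the 0x87 in this packet, because it exists only in the payload list.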

@satta satta requested a review from jasonish as a code owner October 20, 2024 09:35

codecov bot commented Oct 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.40%. Comparing base (55b922c) to head (bdd20ff).
Report is 19 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11995      +/-   ##
==========================================
+ Coverage   82.75%   83.40%   +0.64%     
==========================================
  Files         910      910              
  Lines      249016   257618    +8602     
==========================================
+ Hits       206069   214855    +8786     
+ Misses      42947    42763     -184     
Flag Coverage Δ
fuzzcorpus 61.55% <100.00%> (+0.73%) ⬆️
livemode 19.38% <50.00%> (+0.67%) ⬆️
pcap 44.44% <50.00%> (+0.31%) ⬆️
suricata-verify 62.77% <100.00%> (+0.48%) ⬆️
unittests 59.36% <50.00%> (+0.35%) ⬆️


@jufajardini jufajardini left a comment


Thanks, do you think that the patch for the direction, that Philippe mentioned in the ticket, should also be added?


satta commented Oct 24, 2024

> Thanks, do you think that the patch for the direction, that Philippe mentioned in the ticket, should also be added?

Absolutely, working on it right now -- will then update this PR and open it for review.

@satta satta changed the title from "Draft: mqtt: improve rule support for detection" to "mqtt: improve rule support for detection" Oct 24, 2024

satta commented Oct 24, 2024

Removed draft status.


@jufajardini jufajardini left a comment


From what I can understand, this looks good, thank you. :)
