Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/dataset: fix dataset set logic #8114

Closed
wants to merge 1 commit into from
Closed

detect/dataset: fix dataset set logic #8114

wants to merge 1 commit into from

Conversation

regit
Copy link
Contributor

@regit regit commented Oct 28, 2022

The set operation of dataset keyword was not done only signature when there is a full match. This was not correct with regards to expectation.

Make sure these boxes are signed before submitting your Pull Request -- thank you.

Link to redmine ticket:

Describe changes:

  • Move dataset set to post match
  • Keep backward compat

suricata-verify-pr: 959

@regit
detect/dataset: fix dataset set logic
6953aac 
The set operation of dataset keyword was not done only signature
when there is a full match. This was not correct with regards to
expectation.
@codecov
Copy link

codecov bot commented Oct 28, 2022

Codecov Report

Merging #8114 (6953aac) into master (2f9ca8b) will increase coverage by 0.07%.
The diff coverage is 83.58%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8114      +/-   ##
==========================================
+ Coverage   81.51%   81.59%   +0.07%     
==========================================
  Files         958      958              
  Lines      276148   276211      +63     
==========================================
+ Hits       225099   225367     +268     
+ Misses      51049    50844     -205
Flag Coverage Δ
fuzzcorpus 63.64% <83.58%> (+0.28%) ⬆️
suricata-verify 58.98% <83.58%> (-0.01%) ⬇️
unittests 63.36% <1.49%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien
Copy link
Member

I think the commit message should do a better job of explaining the problem followed by the suggested solution. Its very minimal currently.

I don't think it is necessary or efficient to make a copy of the buffer. During the lifetime of the rule inspection the buffer shouldn't change. Not sure if it is easily accessible, but a pointer to (or index into) the InspectionBuffer that holds the inspected data could be set aside and used by the actual Set.

victorjulien
victorjulien requested changes Oct 28, 2022
View reviewed changes
Copy link
Member

@victorjulien victorjulien left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment

@suricata-qa
Copy link

WARNING:

field baseline test %
TREX_GENERIC_stats_chk
.capture.kernel_drops 0 140022 -
.flow.end.tcp_state.syn_sent 0 251 -
.flow.end.tcp_state.syn_recv 0 1 -
.flow.end.tcp_state.fin_wait1 0 40 -
.flow.end.tcp_state.fin_wait2 0 17 -
.flow.end.tcp_state.time_wait 0 27 -
.flow.end.tcp_state.last_ack 0 8 -
.flow.end.tcp_state.close_wait 0 57 -
.tcp.reassembly_gap 80952 100373 123.99%
.app_layer.error.http.parser 0 27 -
.app_layer.error.ftp.gap 0 1 -
.app_layer.error.smtp.gap 0 20 -
.app_layer.error.dcerpc_tcp.parser 0 5 -

Pipeline 10288

@regit regit mentioned this pull request Oct 29, 2022
Closed
3 tasks
@regit regit closed this Oct 29, 2022
@catenacyber catenacyber mentioned this pull request Nov 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien requested changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@regit @victorjulien @suricata-qa