-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
detect: flush when setting no_inspection #9903
Conversation
Ticket: 6578 When a protocol such as SSH sets no_inspection, we still have to flush the current streams and packets that contain clear-text for detection.
Not sure this is the perfect patch but it makes the S-V test pass at least and shows where in the code something is to be fixed |
Re running with newer S-V PR |
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #9903 +/- ##
==========================================
- Coverage 82.45% 82.32% -0.14%
==========================================
Files 972 972
Lines 273057 273063 +6
==========================================
- Hits 225156 224795 -361
- Misses 47901 48268 +367
Flags with carried forward coverage won't be shown. Click here to find out more. |
WARNING:
| | TREX_GENERIC_stats_chk | | | Pipeline 16746 |
@jufajardini any clue why this is failing only on Fedora for S-V test exception-policy-simulated-flow-memcap you committed ? Maybe because it requires feature |
Replaced by #9961 |
Sorry for not seeing this before. I think your guess on the pseudo-packets is the answer, as there are two more pseudo-packets created in the SV tests from this PR than when ran against master. |
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6578
Describe changes:
So that we can run detection on the clear text of ssh new keys packet
OISF/suricata-verify#1498