detect: flush when setting no_inspection #9903

Closed
Contributor

@catenacyber catenacyber commented Nov 27, 2023

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6578

Describe changes:

  • detect: flush when setting no_inspection

So that we can run detection on the clear text of ssh new keys packet

SV_BRANCH=pr/1498

OISF/suricata-verify#1498

Ticket: 6578

When a protocol such as SSH sets no_inspection, we still have to
flush the current streams and packets that contain clear-text
for detection.
@catenacyber
Contributor Author

Not sure this is the perfect patch but it makes the S-V test pass at least and shows where in the code something is to be fixed

@catenacyber
Contributor Author

Re-running with newer S-V PR

codecov bot commented Nov 27, 2023

Codecov Report

Merging #9903 (2423186) into master (d005fff) will decrease coverage by 0.14%.
The diff coverage is 100.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9903      +/-   ##
==========================================
- Coverage   82.45%   82.32%   -0.14%     
==========================================
  Files         972      972              
  Lines      273057   273063       +6     
==========================================
- Hits       225156   224795     -361     
- Misses      47901    48268     +367     
| Flag | Coverage Δ |
| --- | --- |
| fuzzcorpus | 64.07% <100.00%> (-0.30%) ⬇️ |
| suricata-verify | 61.08% <100.00%> (-0.01%) ⬇️ |
| unittests | 62.91% <0.00%> (-0.01%) ⬇️ |

@suricata-qa

WARNING:

| field | baseline | test | % |
| --- | --- | --- | --- |
| SURI_TLPW1_stats_chk | | | |
| .tcp.pseudo | 7988 | 104962 | 1314.0% |
| SURI_TLPR1_stats_chk | | | |
| .tcp.pseudo | 2810 | 761278 | 27091.74% |
| IPS_AFP_stats_chk | | | |
| TREX_GENERIC_stats_chk | | | |

Pipeline 16746

@catenacyber
Contributor Author

@jufajardini any clue why this is failing only on Fedora for S-V test exception-policy-simulated-flow-memcap you committed ?

Maybe because it requires feature DEBUG

@catenacyber
Contributor Author

Replaced by #9961

@catenacyber catenacyber closed this Dec 5, 2023
@jufajardini
Contributor

> @jufajardini any clue why this is failing only on Fedora for S-V test exception-policy-simulated-flow-memcap you committed ?
>
> Maybe because it requires feature DEBUG

Sorry for not seeing this before. I think your guess on the pseudo-packets is the answer, as there are two more pseudo-packets created in the SV tests from this PR than when run against master.
