Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tx files/v82 #7521

Closed
wants to merge 51 commits into from
Closed

Tx files/v82 #7521

wants to merge 51 commits into from

Conversation

victorjulien
Copy link
Member

Draft to trigger CI/QA. Commit check will certainly fail.

suricata-verify-pr: 847

victorjulien and others added 30 commits June 9, 2022 10:35
@victorjulien
eve/schema: add missing magic from files array
7b6be1b
@victorjulien
WIP debug: print packet info in %X
0b83f93
@victorjulien
lua: store id with tx ptr
1b93cac
@victorjulien
lua: fix tx_id in file records
c3f5241
@victorjulien
FILETX: lua, tx_id from state, not from File
3402cc2 
lua: fix file fields

Fix file_id field sometimes getting overwritten by the tx_id field.
@victorjulien
FILETX: output lua
1072304
@victorjulien
files: debug log flags
210a3f2
@victorjulien
app-layer: introduce common AppLayerStateData API
445210b 
Add per state structure for storing flags and other variables.
@victorjulien
app-layer: parser flags to u16
857b41f 
In preparation of new flags.
@victorjulien
app-layer: parser trunc flags per direction
33cd43d
@victorjulien
TXFILE: http2
fe72e13
@victorjulien
TXFILE: pgsql
f13eac1
@victorjulien
TXFILE: dns
efd30ab
@victorjulien
TXFILE: dhcp
2379f53
@victorjulien
TXFILE: ike
d67685c
@victorjulien
TXFILE: mqtt
7adc53f
@victorjulien
TXFILE: sip
d37f5c4
@victorjulien
TXFILE: snmp
ed14e41
@victorjulien
TXFILE: telnet
12a7582
@victorjulien
TXFILE: dcerpc
2a5c66d
@victorjulien
TXFILE: rfb
6efd976
@victorjulien
TXFILE: rdp
0423753
@victorjulien
TXFILE: quic
78da912
@victorjulien
TXFILE: ssh
a508602
@victorjulien
TXFILE: krb
e485b81
@victorjulien
TXFILE: ntp
e3a44df
@victorjulien
TXFILE: modbus
42b89a2
@victorjulien
TXFILE: applayertemplate
bfc2c04
@victorjulien
TXFILE: smb
e85e5fd
@victorjulien
TXFILE: nfs
74d7a63
victorjulien added 17 commits June 9, 2022 10:39
@victorjulien
MISC rfb
330d803
@victorjulien
FILETX: smtp
a71a9fc
@victorjulien
BADTESTS: smtp
e11c335
@victorjulien
FILETX: htp
38f995b
@victorjulien
FILETX: C API with new trunc logic and tx file housekeeping
6b1e48c
@victorjulien
FILETX: C register API
d2b740a
@victorjulien
FILETX: detect TODO fix TODOS
edaab5c
@victorjulien
detect/filestore: consider match if filestore output not enabled
19a523b
@victorjulien
FILETX: flow/flowworker
37b2fb0
@victorjulien
FILETX: file api
1074775
@victorjulien
FILETX: filestore output
1943810
@victorjulien
FILETX: output eve
5e4272c
@victorjulien
FILETX: output eve/file
38ac52e
@victorjulien
FILETX: output eve/alert
f60e366
@victorjulien
FILETX: rust API
8b118ed
@victorjulien
file: minor debug update
3c9a1da
@victorjulien
FILETX: output tx file handling
6f0373f 
output/tx: own file/filedata thread data

output/file(data): cleanups

FILETX: register tx after file/filedata

FILETX: file output

FILETX: filedata output

FILETX: id's for file/filedata as tx loggers

FILETX: runmode needs to enable tx if file logging is enabled

WIP output files: use eof to trigger logging like with tx

SQUASH output-tx. FIX flags UPDATE ready logic

WIP output-tx

SQUASH output-tx
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 7777

@victorjulien victorjulien mentioned this pull request Jul 1, 2022
Closed
@catenacyber catenacyber added the needs rebase Needs rebase to master label Jul 6, 2022
@victorjulien victorjulien mentioned this pull request Aug 19, 2022
Closed
@victorjulien
Copy link
Member Author

replaced by #7735

@victorjulien victorjulien deleted the tx-files/v82 branch September 19, 2022 07:57
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 23, 2025
@victorjulien
detect/iponly: use flow first flags
41dbd2b 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Leads to a minor behavior change:

If a one sided flow leads to a flow end packet in the opposite
direction, the opposing packet no longer leads to a ip-only match as the
flow end pseudo packet won't have the FLOW_PKT_*_FIRST flag set.

Ticket: OISF#7521.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 23, 2025
@victorjulien
detect/iponly: use flow first flags
897d1f3 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Fixes false positives on one sided streams that trigger a opposing flow
timeout packet at the flow's end. That pseudo packet would trigger a
match even though it shouldn't.

Ticket: OISF#7521.
@victorjulien victorjulien mentioned this pull request Jan 23, 2025
Closed
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 27, 2025
@victorjulien
detect/iponly: use flow first flags
01f1840 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Fixes false positives on one sided streams that trigger a opposing flow
timeout packet at the flow's end. That pseudo packet would trigger a
match even though it shouldn't.

Ticket: OISF#7521.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 28, 2025
@victorjulien
detect/iponly: use flow first flags
0d92448 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Fixes false positives on one sided streams that trigger a opposing flow
timeout packet at the flow's end. That pseudo packet would trigger a
match even though it shouldn't.

Ticket: OISF#7521.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jan 29, 2025
@victorjulien
detect/iponly: use flow first flags
3f39645 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Fixes false positives on one sided streams that trigger a opposing flow
timeout packet at the flow's end. That pseudo packet would trigger a
match even though it shouldn't.

Ticket: OISF#7521.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini will be requested when the pull request is marked ready for review jufajardini is a code owner

@catenacyber catenacyber Awaiting requested review from catenacyber catenacyber will be requested when the pull request is marked ready for review catenacyber is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish will be requested when the pull request is marked ready for review jasonish is a code owner

Assignees
No one assigned
Labels
needs rebase Needs rebase to master
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@victorjulien @suricata-qa @catenacyber