
Detect bidir 5665 v4 #10231

Closed. Wants to merge 5 commits.

Conversation

catenacyber (Contributor) commented:

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5665

Describe changes:

  • allows bidirectional signature matching!

SV_BRANCH=pr/1603

OISF/suricata-verify#1603

Draft: to show a POC and get feedback.
Throw me rule examples! Negative and positive...

TODO:

  • more tests!!!!
  • think about a solution for ambiguous-direction keywords (like new to_client and to_server keywords that are not in the flow keyword, but only apply to a previous keyword)
  • optimize the way inspect_flags are stored in tx_data->de_state for bidirectional signatures. Now it is storing in both directions, and takes the pain of figuring out where the other one is when it needs an update...
  • fixup all commits, shown to see the progression of the reflection

#10209 with:

  • doc
  • fix FP when matching on the first direction but not testing the second direction

codecov bot commented Jan 23, 2024:

Codecov Report

Attention: 16 lines in your changes are missing coverage. Please review.

Comparison is base (3cb7112) 82.18% compared to head (f354107) 82.20%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10231      +/-   ##
==========================================
+ Coverage   82.18%   82.20%   +0.01%     
==========================================
  Files         977      977              
  Lines      271894   271966      +72     
==========================================
+ Hits       223465   223569     +104     
+ Misses      48429    48397      -32     
Flag              Coverage Δ
fuzzcorpus        63.19% <24.32%> (+0.21%) ⬆️
suricata-verify   61.51% <74.32%> (+0.02%) ⬆️
unittests         62.80% <18.91%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown.

suricata-qa commented:

Information:

ERROR: QA failed on SURI_TLPW1_files_sha256.

field                          baseline   test   %
SURI_TLPR1_stats_chk
.app_layer.error.http.parser   1108       724    65.34%

Pipeline 17697

suricata-qa commented:

Information:

ERROR: QA failed on SURI_TLPW1_files_sha256.

field                          baseline   test   %
SURI_TLPR1_stats_chk
.app_layer.error.http.parser   1108       724    65.34%

Pipeline 17717

catenacyber (Contributor, Author) commented:

Replaced by #10242
