[detect] allow rule which need both directions to match 5665 v19 #11900

Draft
wants to merge 3 commits into
base: master

catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5665

Describe changes:

  • allows bidirectional signature matching !

SV_BRANCH=OISF/suricata-verify#2083

#11578 with review taken into consideration in last commit +

  • do not choose ambiguous buffer used in to_client direction for fast_pattern (using only_tc)
  • use `SIG_FLAG_INIT_BIDIR_FAST_TOCLIENT` to check before setting `SIG_FLAG_INIT_BIDIR_STREAMING_TOSERVER`

codecov bot commented Oct 8, 2024

Codecov Report

Attention: Patch coverage is 75.69061% with 44 lines in your changes missing coverage. Please review.

Project coverage is 82.62%. Comparing base (6ae5ae7) to head (4fec5a5).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11900      +/-   ##
==========================================
+ Coverage   82.60%   82.62%   +0.01%     
==========================================
  Files         912      912              
  Lines      249342   249515     +173     
==========================================
+ Hits       205968   206157     +189     
+ Misses      43374    43358      -16     
Flag Coverage Δ
fuzzcorpus 60.65% <39.22%> (+0.01%) ⬆️
livemode 18.71% <10.49%> (-0.02%) ⬇️
pcap 44.04% <27.07%> (-0.03%) ⬇️
suricata-verify 62.05% <74.03%> (+0.03%) ⬆️
unittests 58.92% <31.49%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown.

@catenacyber
Contributor Author

Ongoing questions :

  • usage of keyword bidir.toserver or tweaking flow: toserver in the case of a bidirectional signature ?
  • have a test with a suricata transaction with server speaking first...

@suricata-qa

Information: QA ran without warnings.

Pipeline 23074
