next/211/20231205/v1 #9978

Merged
merged 6 commits into from
Dec 6, 2023

victorjulien
Member

jufajardini and others added 6 commits December 5, 2023 21:16
We had unknown message type for the backend, but not the frontend
messages. It's important to better identify those to improve pgsql
probing functions.

Related to
Bug OISF#6080

Some non-pgsql traffic seen by Suricata is mistakenly identified as
pgsql, as the probing function is too generic. Now, if the parser sees
an unknown message type, even if it looks like pgsql, it will fail.

Bug OISF#6080

With the changes in the probing_ts function, this other one could become
obsolete. Remove it, and directly call `parser::parse_request` when
checking for gaps, instead.

Legacy map definition is removed from libbpf1.0+.
Update the legacy map definition to BTF defined map.

Distros with < libbpf1.0 (0.5, 0.6, 0.7, 0.8) bpf_helpers.h
support BTF map definition, this change does not break
old libbpf and supports new libbpf1.0+.

Bug: OISF#6250

Signed-off-by: Vincent Li <[email protected]>
Co-authored-by: Victor Julien <[email protected]>
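
The probing change described in the second commit message above, sketched as an added example (not code from this pull request or from Suricata's parser): a to-server probe that fails on any type byte that is not a known frontend message, even when a plausible length follows. The names `Probe`, `probe_frontend` and the `MAX_LEN` cap are assumptions made for illustration; the type bytes and startup codes come from the PostgreSQL v3 protocol documentation.

```rust
// Added illustration (not Suricata's code): strict probe of the first
// to-server bytes of a PostgreSQL v3 connection.
#[derive(Debug, PartialEq)]
pub enum Probe { Pgsql, NotPgsql, Incomplete }

// Frontend message type bytes defined by the PostgreSQL v3 protocol.
const FRONTEND_TYPES: &[u8] = b"BCdcfDEHFpPQSX";
// Untyped startup-phase codes: protocol 3.0, CancelRequest, SSLRequest,
// GSSENCRequest.
const STARTUP_CODES: [u32; 4] = [196_608, 80_877_102, 80_877_103, 80_877_104];
// Assumed sanity cap on the declared length (hypothetical tuning value).
const MAX_LEN: u32 = 0x3fff_ffff;

fn be_u32(b: &[u8]) -> u32 {
    u32::from_be_bytes([b[0], b[1], b[2], b[3]])
}

pub fn probe_frontend(buf: &[u8]) -> Probe {
    if buf.is_empty() { return Probe::Incomplete; }
    let first = buf[0];
    if FRONTEND_TYPES.contains(&first) {
        // Typed message: 1 type byte, then a u32 length that counts itself.
        if buf.len() < 5 { return Probe::Incomplete; }
        let len = be_u32(&buf[1..5]);
        return if (4..=MAX_LEN).contains(&len) { Probe::Pgsql } else { Probe::NotPgsql };
    }
    if first == 0 {
        // Startup phase: u32 length (counts itself), then a u32 request code.
        if buf.len() < 8 { return Probe::Incomplete; }
        let (len, code) = (be_u32(&buf[0..4]), be_u32(&buf[4..8]));
        let ok = len >= 8 && STARTUP_CODES.contains(&code);
        return if ok { Probe::Pgsql } else { Probe::NotPgsql };
    }
    // Unknown type byte: fail the probe even if a plausible length follows.
    Probe::NotPgsql
}

fn main() {
    // Constructed sample payloads, not captured traffic.
    let samples: [(&str, &[u8]); 4] = [
        ("Query", &b"Q\x00\x00\x00\x0dSELECT 1\x00"[..]),
        ("SSLRequest", &[0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f][..]),
        ("backend 'Z' sent to server", &b"Z\x00\x00\x00\x05I"[..]),
        ("HTTP GET", &b"GET / HTTP/1.1\r\n"[..]),
    ];
    for (name, bytes) in samples.iter() {
        println!("{}: {:?}", name, probe_frontend(bytes));
    }
}
```
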

github-actions bot commented Dec 5, 2023

NOTE: This PR may contain new authors.


codecov bot commented Dec 5, 2023

Codecov Report

Merging #9978 (64d12aa) into master (c1bf955) will decrease coverage by 0.01%.
The diff coverage is 77.77%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9978      +/-   ##
==========================================
- Coverage   82.42%   82.41%   -0.01%     
==========================================
  Files         970      970              
  Lines      271363   271356       -7     
==========================================
- Hits       223667   223648      -19     
- Misses      47696    47708      +12     

| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 64.46% <77.77%> (+<0.01%) | ⬆️ |
| suricata-verify | 61.31% <29.62%> (-0.04%) | ⬇️ |
| unittests | 62.88% <0.00%> (-0.01%) | ⬇️ |


@suricata-qa

WARNING:

| field | baseline | test | % |
|---|---|---|---|
| SURI_TLPR1_stats_chk | | | |
| .app_layer.tx.pgsql | 55 | 0 | - |
| .app_layer.error.pgsql.parser | 55 | 0 | - |

Pipeline 16885

@victorjulien victorjulien merged commit 64d12aa into OISF:master Dec 6, 2023
45 checks passed
@victorjulien victorjulien deleted the next/211/20231205/v1 branch December 6, 2023 13:23
5 participants