Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect: flush when setting no_inspection #10004

Closed
wants to merge 1 commit into from
Closed

detect: flush when setting no_inspection #10004

wants to merge 1 commit into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6578

Describe changes:

  • detect: flush when setting no_inspection

So that we can run detection on the clear text of ssh new keys packet

SV_BRANCH=pr/1507

OISF/suricata-verify#1507

#9961 with code review taken into account

@catenacyber
detect: flush when setting no_inspection
04ec0c6 
Ticket: 6578

When a protocol such as SSH sets no_inspection, we still have to
flush the current streams and packets that contain clear-text
for detection.
@catenacyber catenacyber mentioned this pull request Dec 7, 2023
Closed
@codecov Codecov
Copy link

codecov bot commented Dec 7, 2023

Codecov Report

Merging #10004 (04ec0c6) into master (bdec2d8) will decrease coverage by 0.02%.
The diff coverage is 88.88%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10004      +/-   ##
==========================================
- Coverage   82.47%   82.46%   -0.02%     
==========================================
  Files         970      970              
  Lines      271355   271362       +7     
==========================================
- Hits       223798   223775      -23     
- Misses      47557    47587      +30
Flag Coverage Δ
fuzzcorpus 64.57% <88.88%> (-0.01%) ⬇️
suricata-verify 61.29% <88.88%> (-0.05%) ⬇️
unittests 62.87% <11.11%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@catenacyber
Copy link
Contributor Author

For S-V test, should StreamTcpDetectLogFlush copy pcap_cnt ?

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.tcp.pseudo 2810 19572 696.51%

Pipeline 16934

This was referenced Jan 18, 2024
Closed
Closed
@catenacyber
Copy link
Contributor Author

Rebased in #10192

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa