next/350/20240316/v1 #10652
This is so patterns can rely on mpm match meaning a full match. Not yet used.
When a pattern is using endswith, only consider it a match when it is the end of the data. Ticket: OISF#6852.
Issue: 6408 Use the Suricata thread id for plugin thread initialization to give the plugin a better correlating factor to the actual Suricata threads.
Remove EVE filetypes from plugin context as they are not only used from plugins. Plugins allow user code to register filetypes, but we also have internal file types that use this API, including the null output and syslog. Additionally, library users can use this API to register filetypes, and they are not plugins. Ideally this code would go in "output-json.[ch]" as the "primary" EVE API, however there are currently some circular include issues there, so start a new cleaned up EVE API in "output-eve.[ch]" which is "clean" with respect to includes, and as we clean up the existing EVE API for "public" use, it can be moved here. Ticket: OISF#6838
Remove "conf.h" from suricata-plugin.h as it's not needed by that header. However, some other files became transitively dependent on it through other includes, so fix those up.
EVE filetypes are not always plugins, for example, null and syslog that are built-in filetypes.
In 7.0 if EVE was non-threaded, the ThreadInit for the filetype was not called meaning that the filetype author had to handle the threaded and non-threaded cases. To simplify this, if non-threaded, still call ThreadInit (and ThreadDeinit) once with a thread_id of 0. This should simplify authoring EVE filetype plugins.
Add documentation for the SCEveFileType in Doxygen format.
Change ThreadDeinit to return void instead of an int, there is nothing to be done on success or failure.
Enhances readability.
Add an upgrade section to the devguide. This should cover any changes to APIs that users might be using from plugins or as a library user.
Ticket: 6856
When Suricata was running in IPS mode and received a signal to stop, the first worker of every interface/port stopped the port and proactively stopped the peered interface as well. This was done to be as accurate with port stats as possible. However, in highly active scenarios (lots of packets moving around) the peered workers might still be in the process of a packet release operation. These workers would then attempt to transmit on a stopped interface, resulting in an erroneous operation. Instead, this patch proposes a worker synchronization of the given port. After these workers are synchronized, it is known that no packets will be sent of the peered interface, therefore the first worker can stop it. This however cannot be assumed about "its own" port as the peered workers can still try to send the packets. Therefore, ports are only stopped by the peered workers. Ticket: OISF#6790
using a workaround about ASLR
Issue: 6835 When injecting a flow, ensure that the selected thread_id has been initialized. When a flow is picked up midstream, the initialized thread can be the second thread element.
Issue: 6835 When swapping the flow's direction, also swap the thread_ids. This should help with the issues identified in https://redmine.openinfosecfoundation.org/issues/2725
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #10652 +/- ##
=======================================
Coverage 82.68% 82.69%
=======================================
Files 925 926 +1
Lines 247552 247574 +22
=======================================
+ Hits 204680 204719 +39
+ Misses 42872 42855 -17
Information: QA ran without warnings. Pipeline 19537
LGTM
Staging:
SV_BRANCH=OISF/suricata-verify#1707