Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of 6553 to main-7.0.x #11634

Closed
wants to merge 13 commits into from
Closed

Backport of 6553 to main-7.0.x #11634

wants to merge 13 commits into from

Conversation

jlucovsky
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/6555

Describe changes:

Provide values to any of the below to override the defaults.

  • To use an LibHTP, Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2012
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@victorjulien @jlucovsky
stream: const args for StreamReassembleLog
792f455 
Needed a workaround cast for RBTREE use.

(cherry picked from commit a5a6527)
@victorjulien @jlucovsky
eve/frame: implement payload-buffer-size option
151b549 
Modeled after the same option in eve/alert. Defaults to 4k.

(cherry picked from commit 829bab2)
@victorjulien @jlucovsky
eve/alert: log payload directly from stream buffer
b1c8d75 
This avoids looping over partly duplicate segments that cause
output data corruption by logging parts of the stream data multiple
times.

For data with GAPs now add a indicator '[4 bytes missing]' similar
to how Wireshark does it.

Bug: OISF#6553.
(cherry picked from commit 43858f7)
@victorjulien @jlucovsky
eve/alert: init membuffer size on missing config
9716a4b 
Don't init buffer to 0 size but use the desired default of 4k.

(cherry picked from commit 462a6d7)
@victorjulien @jlucovsky
eve/frames: pass membuffer to API
3bf4075 
In preparation of stream logging changes.

(cherry picked from commit a205583)
@victorjulien @jlucovsky
eve/frame: improve frame payload logging
bfc8f75 
Log using stream callback API, meaning that data will also
be logged if there are GAPs.

Also implement GAP indicators: '[123 bytes missing]'.

(cherry picked from commit 6e10c66)
@victorjulien @jlucovsky
unix-manager: add \n string to buffer using correct API call
c826dac 
(cherry picked from commit ea98df8)
@victorjulien @jlucovsky
membuffer: turn complex macros into functions
ddd318b 
For better readability and type checking.

(cherry picked from commit 3ef98f2)
@victorjulien @jlucovsky
membuffer: use buffer pointer as flexible array member
fa0b268 
(cherry picked from commit 9c3669b)
@victorjulien @jlucovsky
membuffer: return bytes written
bdae26a 
(cherry picked from commit 7d5b537)
@victorjulien @jlucovsky
eve/frame: break out of logging callback if buffer is full
de1ec06 
(cherry picked from commit 1dea4fe)
@victorjulien @jlucovsky
eve/alert: break out of payload logging callback if buffer is full
d8c5a7e 
(cherry picked from commit 926c6e3)
@victorjulien @jlucovsky
membuffer: annotate printf style function
089b6d8 
(cherry picked from commit ff8597d)
@jlucovsky jlucovsky requested review from victorjulien and a team as code owners August 15, 2024 15:02
@suricata-qa
Copy link

ERROR:

ERROR: QA failed on ASAN_TLPR1_suri.

Pipeline 22128

@jlucovsky jlucovsky mentioned this pull request Aug 17, 2024
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #11637

@jlucovsky jlucovsky closed this Aug 17, 2024
@jlucovsky jlucovsky mentioned this pull request Aug 18, 2024
Closed
@jlucovsky jlucovsky deleted the 6555/1 branch September 30, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jlucovsky @suricata-qa @victorjulien