dcerpc/tcp: add frames support #11678

Closed
wants to merge 1 commit into from

@inashivb (Member) commented Aug 29, 2024

Link to ticket: https://redmine.openinfosecfoundation.org/issues/4904

SV_BRANCH=OISF/suricata-verify#2024

Note: This is blocked by #11675. Currently, it is incorrect for fragmented data. The buffering happens in the input handler with a new allocation every time. However, the Frame API expects a pointer to the stream buffer, which is available only with the current input.

TODO:

  • UDP frames

Frames of the following types have been added for toserver direction:
1. Pdu: The entire Protocol Data Unit
2. Hdr: Header of the request
3. Data: PDU data

Feature 4904
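
The three frame types and the fragmented-data caveat from the description above, as an added sketch that is not code from this PR or from the Suricata tree: it computes Pdu/Hdr/Data spans as offsets into one contiguous buffer and reports how many bytes are needed when the PDU is not yet complete. Assumptions: Hdr is the 16-byte connection-oriented common header and Data is everything after it; the names `Span`, `Outcome`, `frame_spans` and `sample_request` are hypothetical.

```rust
// Added illustration; not code from the Suricata tree. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub struct Span { pub offset: usize, pub len: usize }

#[derive(Debug, PartialEq)]
pub enum Outcome {
    /// Spans for the Pdu, Hdr and Data frames, relative to the input buffer.
    Frames { pdu: Span, hdr: Span, data: Span },
    /// Fragmented input: total bytes needed before any frame can be placed.
    Incomplete(usize),
    Invalid,
}

/// Size of the connection-oriented DCERPC common header (assumed to be "Hdr").
const HDR_LEN: usize = 16;

/// `input` stands for the contiguous stream buffer. Nothing is copied, so the
/// returned offsets refer to the same memory the caller handed in.
pub fn frame_spans(input: &[u8]) -> Outcome {
    if input.len() < HDR_LEN { return Outcome::Incomplete(HDR_LEN); }
    if input[0] != 5 { return Outcome::Invalid; } // rpc_vers must be 5
    // Bit 0x10 of the first data-representation byte selects little-endian.
    let raw = [input[8], input[9]];
    let frag = if input[4] & 0x10 != 0 { u16::from_le_bytes(raw) } else { u16::from_be_bytes(raw) };
    let frag_len = usize::from(frag);
    if frag_len < HDR_LEN {
        return Outcome::Invalid; // frag_length counts the header itself
    }
    if input.len() < frag_len {
        return Outcome::Incomplete(frag_len);
    }
    Outcome::Frames {
        pdu: Span { offset: 0, len: frag_len },
        hdr: Span { offset: 0, len: HDR_LEN },
        data: Span { offset: HDR_LEN, len: frag_len - HDR_LEN },
    }
}

/// Constructed sample: 16-byte header, 8 bytes of request fields, 4 stub bytes.
pub fn sample_request() -> Vec<u8> {
    vec![5, 0, 0, 3, 0x10, 0, 0, 0, 28, 0, 0, 0, 1, 0, 0, 0,
         4, 0, 0, 0, 0, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef]
}

fn main() {
    let buf = sample_request();
    println!("{:?}", frame_spans(&buf));
    println!("{:?}", frame_spans(&buf[..20]));
}
```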

codecov bot commented Aug 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.64%. Comparing base (304271e) to head (053c1fa).
Report is 437 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11678      +/-   ##
==========================================
- Coverage   82.61%   77.64%   -4.98%     
==========================================
  Files         919      919              
  Lines      248997   248953      -44     
==========================================
- Hits       205717   193291   -12426     
- Misses      43280    55662   +12382     
Flag Coverage Δ
fuzzcorpus ?
livemode 18.66% <14.28%> (+<0.01%) ⬆️
pcap 44.14% <92.85%> (+<0.01%) ⬆️
suricata-verify 61.88% <100.00%> (-0.02%) ⬇️
unittests 59.00% <97.72%> (-0.01%) ⬇️


@suricata-qa

Information: QA ran without warnings.

Pipeline 22289

@catenacyber (Contributor)

What is expected out of this draft?

Just to keep as a reminder and rebase once the blocker is merged?

@inashivb (Member, Author) commented Sep 4, 2024

> What is expected out of this draft?
>
> Just to keep as a reminder and rebase once the blocker is merged?

Yes. There's a chain of blockers in dcerpc work.
invalid header validation blocks applayer incomplete api blocks this PR

@catenacyber (Contributor)

My advice is to do a draft PR with all the commits, and then a regular PR with just the first commits ;-)

@catenacyber (Contributor)

Should we close this as stale and waiting on other DCERPC PRs?
Should the ticket https://redmine.openinfosecfoundation.org/issues/4904 link to these other tickets getting fixed in other DCERPC PRs?

@inashivb inashivb closed this Jan 28, 2025
@inashivb inashivb deleted the dcerpc-frames/v1 branch January 28, 2025 15:10