Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/dataset: delay set operation after signature full match v6 #11704

Closed
wants to merge 5 commits into from
Closed

detect/dataset: delay set operation after signature full match v6 #11704

wants to merge 5 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/5576

Describe changes:

  • detect/dataset: delay set operation after signature full match

SV_BRANCH=OISF/suricata-verify#2000

#11662 with new solution, reusing list to find buffer again at postmatch

So no longer the limitation described for flowvar in https://redmine.openinfosecfoundation.org/issues/7197

@regit @catenacyber
detect/dataset: delay set operation after signature full match
884a327 
The set operation of dataset keyword was done even if signature
did not fully match.

This patch changes the behavior of the dataset keyword to do a
match and a post match for the set operation.
The postmatch retrieves the data and set it in the buffer.

Increases postmatch capability to do applayertxmatch,
and this get the data from a tx buffer.

Ticket: OISF#5576
@catenacyber catenacyber mentioned this pull request Sep 3, 2024
Closed
catenacyber
catenacyber commented Sep 3, 2024
View reviewed changes
src/detect-dataset.c

DetectEngineAppInspectionEngine *a = s->app_inspect;
while (a != NULL) {
if (a->sm_list == sd->list && a->alproto == f->alproto) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we quickly know if sd->list is a app engine or a pkt one ?

@codecov Codecov
Copy link

codecov bot commented Sep 3, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 95.38462% with 3 lines in your changes missing coverage. Please review.

Project coverage is 82.64%. Comparing base (685baa9) to head (01eec9d).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #11704   +/-   ##
=======================================
  Coverage   82.63%   82.64%           
=======================================
  Files         919      919           
  Lines      248925   248979   +54     
=======================================
+ Hits       205703   205765   +62     
+ Misses      43222    43214    -8
Flag Coverage Δ
fuzzcorpus 60.91% <93.84%> (+0.02%) ⬆️
livemode 18.75% <53.84%> (+0.03%) ⬆️
pcap 44.11% <7.69%> (-0.04%) ⬇️
suricata-verify 61.88% <95.38%> (+<0.01%) ⬆️
unittests 59.00% <7.69%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information:

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPR1_stats_chk
.uptime 642 671 104.52%

Pipeline 22328

@catenacyber catenacyber marked this pull request as draft September 3, 2024 12:54
@catenacyber catenacyber mentioned this pull request Sep 3, 2024
Closed
@catenacyber
Copy link
Contributor Author

Clean in #11714

@catenacyber catenacyber closed this Sep 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish will be requested when the pull request is marked ready for review jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@catenacyber @suricata-qa @regit