Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect/iponly: use flow first flags (backport7) #12669

Open
wants to merge 1 commit into
base: main-7.0.x
Choose a base branch
from
Open

detect/iponly: use flow first flags (backport7) #12669

wants to merge 1 commit into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7522
Describe changes:

Cherry-pick had conflicts in flow.c (removal of FlowSetIPOnlyFlag)
And I also did the removal in flow.h cf #12668

SV_BRANCH=OISF/suricata-verify#2319

@victorjulien @catenacyber
detect/iponly: use flow first flags
c1d0ab2 
Instead of ip-only specific flags, reuse the FLOW_PKT_TOSERVER_FIRST and
FLOW_PKT_TOCLIENT_FIRST flags.

Fixes false positives on one sided streams that trigger a opposing flow
timeout packet at the flow's end. That pseudo packet would trigger a
match even though it shouldn't.

Ticket: OISF#7521.
(cherry picked from commit 3f39645)
@codecov Codecov
Copy link

codecov bot commented Feb 25, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.28%. Comparing base (05bf4a8) to head (c1d0ab2).

Additional details and impacted files 
@@              Coverage Diff               @@
##           main-7.0.x   #12669      +/-   ##
==============================================
- Coverage       83.30%   83.28%   -0.02%     
==============================================
  Files             922      922              
  Lines          261171   261152      -19     
==============================================
- Hits           217556   217495      -61     
- Misses          43615    43657      +42
Flag Coverage Δ
fuzzcorpus 64.32% <33.33%> (-0.02%) ⬇️
suricata-verify 63.51% <100.00%> (-0.03%) ⬇️
unittests 62.36% <35.71%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPR1_stats_chk
.uptime 640 685 107.03%

Pipeline 24899

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@catenacyber @suricata-qa @victorjulien