next/628/20241106/v1 #12094

Merged
merged 19 commits into from
Nov 7, 2024

victorjulien
Member

catenacyber and others added 19 commits November 6, 2024 21:33
md5, sha1 and sha256

Ticket: 7229

Don't tag the session as gap'd when the GAP is in a precise location:

1. in "skip" data, where the GAP just fits the skip data

2. in file data, where we pass the GAP on to the file

This reduces load of GAP post-processing that is unnecessary in these
cases.

Use `lru` crate. Rename to reflect this.

Add `app-layer.protocols.smb.max-guid-cache-size` to control the max
size of the LRU cache.

Ticket: OISF#5672.

Rename to read_offset_cache.

Add `app-layer.protocols.smb.max-read-offset-cache-size` option to
control the limit.

Ticket: OISF#5672.

Turn the map mapping the smb session key to smb tree into a lru cache,
limited to 1024 by default.

Add `app-layer.protocols.smb.max-tree-cache-size` option to control the
limit.

Ticket: OISF#5672.

Reimplement the ssnguid2vec_map HashMap as a LruCache.

Since this is a DCERPC record cache, name it as such.

Default size is 128. Can be controlled by
`app-layer.protocols.smb.max-dcerpc-frag-cache-size`.

Ticket: OISF#5672.

Generic ssn2vec_map was a HashMap used for mapping session key to
different types of vector data:
- GUID
- filename
- share name

Turn this into a bounded LruCache. Rename to ssn2vec_cache.

Size of the cache is 512 by default, and can be configured using:

`app-layer.protocols.smb.max-session-cache-size`

Ticket: OISF#5672.
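
The SMB commits above replace HashMap-based per-session maps with size-limited LRU caches. The following is an added example, not Suricata's code (which uses the `lru` crate): a std-only Rust cache showing that the entry count stays at the configured cap however many distinct keys arrive. `BoundedCache`, `fill` and the `u64` key type are assumptions made for illustration; 512 is the session-cache default named above.

```rust
use std::collections::{HashMap, VecDeque};

// Std-only stand-in for a bounded LRU cache (hypothetical names; Suricata itself
// uses the `lru` crate). Keys model session keys, values a GUID or filename.
pub struct BoundedCache {
    cap: usize,
    map: HashMap<u64, Vec<u8>>,
    order: VecDeque<u64>, // front = least recently used
}

impl BoundedCache {
    pub fn new(cap: usize) -> Self {
        assert!(cap > 0, "capacity must be non-zero");
        Self { cap, map: HashMap::new(), order: VecDeque::new() }
    }

    // Move `key` to the most-recently-used end. O(n) here; the `lru` crate is O(1).
    fn touch(&mut self, key: u64) {
        self.order.retain(|k| *k != key);
        self.order.push_back(key);
    }

    // Insert or update; returns the key evicted to stay within `cap`, if any.
    pub fn put(&mut self, key: u64, val: Vec<u8>) -> Option<u64> {
        let mut evicted = None;
        if !self.map.contains_key(&key) && self.map.len() == self.cap {
            evicted = self.order.pop_front();
            if let Some(old) = evicted { self.map.remove(&old); }
        }
        self.map.insert(key, val);
        self.touch(key);
        evicted
    }

    // Look up a key and mark it as recently used.
    pub fn get(&mut self, key: u64) -> Option<&Vec<u8>> {
        if self.map.contains_key(&key) { self.touch(key); }
        self.map.get(&key)
    }
    pub fn len(&self) -> usize { self.map.len() }
}

// Constructed workload: `n` distinct keys inserted and never explicitly removed.
pub fn fill(cap: usize, n: u64) -> BoundedCache {
    let mut c = BoundedCache::new(cap);
    for k in 0..n { c.put(k, vec![0u8; 16]); }
    c
}

fn main() { println!("{} entries", fill(512, 10_000).len()); }
```

The trade-off of the cap is that an evicted entry is no longer available for later lookups, which is why each cache in the commits above has its own configurable size.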

codecov bot commented Nov 6, 2024

Codecov Report

Attention: Patch coverage is 88.85794% with 120 lines in your changes missing coverage. Please review.

Project coverage is 83.23%. Comparing base (dd71ef0) to head (278dc24).
Report is 19 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12094      +/-   ##
==========================================
- Coverage   83.25%   83.23%   -0.03%     
==========================================
  Files         910      906       -4     
  Lines      257571   257647      +76     
==========================================
+ Hits       214450   214458       +8     
- Misses      43121    43189      +68     
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 61.20% <79.78%> (+0.03%) | ⬆️ |
| livemode | 19.42% <21.07%> (+0.01%) | ⬆️ |
| pcap | 44.43% <48.38%> (-0.05%) | ⬇️ |
| suricata-verify | 62.70% <73.33%> (-0.08%) | ⬇️ |
| unittests | 59.28% <46.42%> (-0.07%) | ⬇️ |


Member

@jasonish jasonish left a comment

Have not reviewed the transform changes myself, but merge looks OK.

@suricata-qa

Information: QA ran without warnings.

Pipeline 23276

@victorjulien victorjulien merged commit 278dc24 into OISF:master Nov 7, 2024
61 checks passed
This was referenced Nov 7, 2024
@victorjulien victorjulien deleted the next/628/20241106/v1 branch November 7, 2024 05:44