Next/20221202/v4 #8235
Closed
This fixes issue 4759. The problem is that when tcp rules are active, in case of a tcp dns connection, first the server to client is inspected and nothing found. Afterwards the full flow is marked as processed and therefore the dns query in TCP is not found.
Bug: OISF#4759.
Use the lzma-rs crate for decompressing swf/lzma files instead of the lzma decompressor in libhtp. This decouples suricata from libhtp except for actual http parsing, and means libhtp no longer has to export a lzma decompression interface.
Ticket: OISF#5638
AF_XDP support is a recent technology introduced that aims at improving capture performance. With this update, Suricata now provides a new capture source 'af-xdp' that attaches an eBPF program to the network interface card. Packets received in the NIC queue are forwarded to a RX ring in user-space, bypassing the Linux network stack. Note, there is a configuration option (force-xdp-mode) that forces the packet through the normal Linux network stack. libxdp and libbpf are required for this feature and it is compile time configured.
This capture source operates on single and multi-queue NICs via suricata.yaml. Here, various features can be enabled, disabled or edited as required by the use case. This feature currently only supports receiving packets via AF_XDP, no TX support has been developed.
Ticket: https://redmine.openinfosecfoundation.org/issues/3306
Additional reading: https://www.kernel.org/doc/html/latest/networking/af_xdp.html
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## master #8235 +/- ##
==========================================
- Coverage 81.69% 81.65% -0.04%
==========================================
Files 965 968 +3
Lines 278507 278604 +97
==========================================
- Hits 227523 227492 -31
- Misses 50984 51112 +128
WARNING: ERROR: QA failed on SURI_TLPR1_alerts_cmp.
Pipeline 11041
Investigating the dns related QA failures.
replaced by #8237 which drops the dns patch
Staging: