detect/http: fix progress for headers keywords #11977

Open
wants to merge 1 commit into
base: master

catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7326

Describe changes:

  • detect/http: fix progress for headers keywords

SV_BRANCH=OISF/suricata-verify#2094

Should we have the generic fix of DetectAppLayerMultiRegister using only one tx progress?

#11968 with better commit message

Ticket: 7326

Having a lower progress than the right one made prefilter
bail out too early, not having found a buffer in the multi-buffer
that matched the prefilter.

Hence, we got false negatives, if http.request_header or
http.response_header was used as fast pattern, and if the request
or response came in multiple packets, and the first of these packets
did not have enough data (like only http request line),
and the next packets did have the matching data.
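
A simplified model of the false negative the commit message describes, as an added example that is not part of the pull request or of Suricata's code. The progress values, the `inspected` bitmask and the run-once-per-progress rule are assumptions made for illustration, and the two-packet input is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical progress values for this toy model (not Suricata's enums). */
enum { PROG_LINE = 0, PROG_HEADERS = 1 };

struct tx {
    int progress;           /* how far the parser has got */
    unsigned inspected;     /* bit N set: prefilter already ran for progress N */
    const char *headers[4]; /* multi-buffer: one entry per parsed header */
    size_t nheaders;
};

/* Assumed behaviour: an engine runs once per registered progress value. */
static bool prefilter_run(struct tx *tx, int reg_progress, const char *pat)
{
    if (tx->progress < reg_progress)
        return false; /* not reached yet, will be retried later */
    if (tx->inspected & (1u << reg_progress))
        return false; /* already done for this progress: bail out */
    tx->inspected |= 1u << reg_progress;
    for (size_t i = 0; i < tx->nheaders; i++)
        if (strstr(tx->headers[i], pat) != NULL)
            return true;
    return false;
}

/* Constructed input: packet 1 = request line only, packet 2 = headers. */
static bool detect_split_request(int reg_progress)
{
    struct tx tx = { .progress = PROG_LINE };
    bool hit = prefilter_run(&tx, reg_progress, "evil-agent");

    tx.headers[tx.nheaders++] = "Host: example.test";
    tx.headers[tx.nheaders++] = "User-Agent: evil-agent";
    tx.progress = PROG_HEADERS;
    return prefilter_run(&tx, reg_progress, "evil-agent") || hit;
}

int main(void)
{
    printf("registered too low: %d\n", detect_split_request(PROG_LINE));
    printf("registered at headers: %d\n", detect_split_request(PROG_HEADERS));
    return 0;
}
```

In this model the engine registered at the lower progress spends its single run on an empty header list, so the pattern in the second packet is never evaluated.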

codecov bot commented Oct 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.66%. Comparing base (37fa2a6) to head (be07102).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11977      +/-   ##
==========================================
- Coverage   82.77%   82.66%   -0.12%     
==========================================
  Files         910      910              
  Lines      249016   249016              
==========================================
- Hits       206134   205848     -286     
- Misses      42882    43168     +286     
Flag Coverage Δ
fuzzcorpus 60.56% <100.00%> (-0.21%) ⬇️
livemode 18.71% <100.00%> (ø)
pcap 44.13% <100.00%> (+0.04%) ⬆️
suricata-verify 62.17% <100.00%> (-0.03%) ⬇️
unittests 59.01% <100.00%> (ø)


@suricata-qa

WARNING:

field baseline test %
SURI_TLPW2_autofp_stats_chk
.flow.end.tcp_state.last_ack 0 1 -

Pipeline 23121

@inashivb
Member

Hi @catenacyber! Could you please tell me what "right one" means in your commit message "Having a lower progress than the right one.."?
