
Dns invalid additionals 7228 v4

Open catenacyber opened this issue 1 year ago • 6 comments

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7228

Describe changes:

  • dns: improved handling of corrupt additionals
  • dns: improve probing parser by making it more strict to have better ground truth on QA

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/2032

https://github.com/OISF/suricata/pull/11785 with newer commit for the DNS probing parser improvement

@jasonish what do you think about it? Should we have a separate ticket and PR to handle first the probing parser?

catenacyber avatar Sep 18 '24 12:09 catenacyber

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 82.57%. Comparing base (d3eb656) to head (e898e77). Report is 264 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11794      +/-   ##
==========================================
+ Coverage   82.53%   82.57%   +0.03%     
==========================================
  Files         919      919              
  Lines      248979   249012      +33     
==========================================
+ Hits       205506   205624     +118     
+ Misses      43473    43388      -85     
Flag Coverage Δ
fuzzcorpus 60.41% <100.00%> (+0.08%) :arrow_up:
livemode 18.71% <0.00%> (-0.01%) :arrow_down:
pcap 44.16% <83.67%> (+<0.01%) :arrow_up:
suricata-verify 61.88% <85.71%> (+<0.01%) :arrow_up:
unittests 58.99% <65.30%> (+<0.01%) :arrow_up:

Flags with carried forward coverage won't be shown.

codecov[bot] avatar Sep 18 '24 13:09 codecov[bot]

WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.uptime 649 627 96.61%
.app_layer.error.dns_tcp.parser 30 3 10.0%

Pipeline 22741

suricata-qa avatar Sep 19 '24 05:09 suricata-qa

Should we have a separate ticket and PR to handle first the probing parser?

Needs a ticket for sure.

jasonish avatar Sep 23 '24 22:09 jasonish

Should we have a separate ticket and PR to handle first the probing parser?

Needs a ticket for sure.

Will do

catenacyber avatar Sep 25 '24 15:09 catenacyber

Created https://redmine.openinfosecfoundation.org/issues/7279, how does it look?

catenacyber avatar Sep 25 '24 16:09 catenacyber

Status: to be rebased after merge of https://github.com/OISF/suricata/pull/11859 or later

catenacyber avatar Oct 02 '24 12:10 catenacyber

Rebased in https://github.com/OISF/suricata/pull/12349

catenacyber avatar Jan 07 '25 14:01 catenacyber