
Dataset set postmatch 5576 v24

Open catenacyber opened this issue 5 months ago • 2 comments

Link to ticket: https://redmine.openinfosecfoundation.org/issues/5576

Describe changes:

  • detect/dataset: delay set operation after signature full match

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/2093

https://github.com/OISF/suricata/pull/13443 with warning fix (glad CI caught it)

The design is:

  • detect: postmatch can run AppLayerTxMatch callbacks (in its own commit)
  • usage of delay_postmatch: buffers using dataset/set are put at the tail of inspections whatever their progress
  • usage of DETECT_ENGINE_INSPECT_SIG_MATCH_MORE_BUF: dataset may return this new case to tell that ok we match on a multi-buffer, but we still want to try all occurrences of a multi-buffer (instead of returning a simple early match)

catenacyber, Jun 15 '25 19:06
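
A simplified model of the design described in the comment above, added here as an example; it is not code from the pull request or from Suricata. The types, function names and sample values are hypothetical, and the "eager" variant is an assumption about the behaviour the change moves away from.

```c
/* Simplified model of the design above; not Suricata source, all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *vals[8]; int n; } Dataset;
/* One transaction: a multi-buffer feeding dataset:set plus one other inspected buffer. */
typedef struct { const char *multi[4]; int n_multi; const char *other; } Tx;

static void dataset_add(Dataset *d, const char *v) {
    for (int i = 0; i < d->n; i++)
        if (strcmp(d->vals[i], v) == 0) return;        /* already in the set */
    if (d->n < 8) d->vals[d->n++] = v;
}

/* Assumed eager behaviour: set runs during buffer inspection, on the first
 * occurrence, before the rest of the signature has been evaluated. */
static bool inspect_eager(Dataset *d, const Tx *tx, const char *needle) {
    if (tx->n_multi == 0) return false;
    dataset_add(d, tx->multi[0]);                      /* early match, early write */
    return strstr(tx->other, needle) != NULL;
}

/* Delayed behaviour: the dataset buffer is inspected last, every occurrence is
 * visited and queued, and the queue is committed only after a full match. */
static bool inspect_delayed(Dataset *d, const Tx *tx, const char *needle) {
    if (strstr(tx->other, needle) == NULL) return false;   /* other buffers first */
    const char *pending[4]; int n = 0;
    for (int i = 0; i < tx->n_multi && i < 4; i++) pending[n++] = tx->multi[i];
    if (n == 0) return false;
    for (int i = 0; i < n; i++) dataset_add(d, pending[i]);  /* postmatch commit */
    return true;
}

/* Constructed sample: two occurrences in the multi-buffer; returns dataset size. */
static int run(bool delayed, const char *other) {
    Dataset d = { .n = 0 };
    Tx tx = { { "alpha", "beta" }, 2, other };
    if (delayed) inspect_delayed(&d, &tx, "/admin");
    else inspect_eager(&d, &tx, "/admin");
    return d.n;
}

int main(void) {
    printf("no full match: eager=%d delayed=%d\n", run(false, "/index"), run(true, "/index"));
    printf("full match:    eager=%d delayed=%d\n", run(false, "/admin/x"), run(true, "/admin/x"));
    return 0;
}
```

In the model, the eager path leaves one entry in the dataset even when the signature does not fully match, while the delayed path leaves none and, on a full match, records both occurrences.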

Codecov Report

Attention: Patch coverage is 88.37209% with 20 lines in your changes missing coverage. Please review.

Project coverage is 83.48%. Comparing base (173132b) to head (ad679a4). Report is 6 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff            @@
##           master   #13449    +/-   ##
========================================
  Coverage   83.48%   83.48%            
========================================
  Files        1009     1009            
  Lines      274909   275041   +132     
========================================
+ Hits       229496   229618   +122     
- Misses      45413    45423    +10     
Flag Coverage Δ
fuzzcorpus 61.75% <77.32%> (+0.02%) :arrow_up:
livemode 18.98% <38.37%> (+0.03%) :arrow_up:
pcap 44.59% <18.60%> (-0.07%) :arrow_down:
suricata-verify 65.04% <88.30%> (+<0.01%) :arrow_up:
unittests 59.11% <17.54%> (-0.04%) :arrow_down:


codecov[bot], Jun 15 '25 20:06

Information: QA ran without warnings.

Pipeline = 26527

suricata-qa, Jun 15 '25 22:06

Next in https://github.com/OISF/suricata/pull/13475

catenacyber, Jun 18 '25 12:06