Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next/20220120/v1 #6822

Merged
merged 2 commits into from
Jan 20, 2022
Merged

Next/20220120/v1 #6822

merged 2 commits into from
Jan 20, 2022

Conversation

victorjulien
Copy link
Member

@jufajardini @victorjulien
rust/applayer: add function for upgrading to TLS
4c743b8
@jufajardini @victorjulien
pgsql: add initial support
579d7dc 
- add nom parsers for decoding most messages from StartupPhase and
SimpleQuery subprotocols
- add unittests
- tests/fuzz: add pgsql to confyaml

Feature: OISF#4241
@victorjulien victorjulien requested review from jasonish, norg and a team as code owners January 20, 2022 11:24
@codecov
Copy link

codecov bot commented Jan 20, 2022

Codecov Report

Merging #6822 (579d7dc) into master (8918f53) will decrease coverage by 0.08%.
The diff coverage is 46.51%.

@@            Coverage Diff             @@
##           master    #6822      +/-   ##
==========================================
- Coverage   77.41%   77.32%   -0.09%     
==========================================
  Files         627      628       +1     
  Lines      187159   187245      +86     
==========================================
- Hits       144888   144790      -98     
- Misses      42271    42455     +184
Flag Coverage Δ
fuzzcorpus 57.72% <48.19%> (-0.28%) ⬇️
suricata-verify 52.36% <10.25%> (-0.05%) ⬇️
unittests 62.84% <8.97%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien victorjulien merged commit 579d7dc into OISF:master Jan 20, 2022
@victorjulien victorjulien mentioned this pull request Jan 20, 2022
Closed
@victorjulien victorjulien deleted the next/20220120/v1 branch January 28, 2022 16:30
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 1, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
f0518cf 
Implemented as a special "flowvar" holding the threshold
entries.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 1, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
681ccb7 
Implemented as a special "flowvar" holding the threshold
entries.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 2, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
f028db7 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 4, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
f331c84 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 5, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
8f711d8 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 8, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
ac996c5 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Mar 13, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
22c4066 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Apr 18, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
b44e281 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request May 7, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
d240b70 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jun 5, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
cb0841b 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jun 18, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
b0fda6e 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jun 24, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
6e82c82 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
victorjulien added a commit to victorjulien/suricata that referenced this pull request Jun 28, 2024
@victorjulien
detect/threshold: implement tracking 'by_flow'
1552f09 
Add support for 'by_flow' track option. This allows using the various
threshold options in the context of a single flow.

Example:

    alert tcp ... stream-event:pkt_broken_ack; \
        threshold:type limit, track by_flow, count 1, seconds 3600;

The example would limit the number of alerts to once per hour for
packets triggering the 'pkt_broken_ack' stream event.

Implemented as a special "flowvar" holding the threshold entries. This
means no synchronization is required, making this a cheaper option
compared to the other trackers.

Ticket: OISF#6822.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@victorjulien @jufajardini