detect/content: account for distance variables #12297

Draft
wants to merge 1 commit into
base: master

jlucovsky
Contributor

Under some cases (see the issue), the depth and offset values are used twice. This commit disregards the distance variable (if any), when computing the final depth.

Issue: 7390

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7390

Describe changes:

  • Avoid double add when there's a distance variable involved.

Provide values to any of the below to override the defaults.

  • To use a LibHTP, Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2191
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

Under some cases (see the issue), the depth and offset values are used
twice. This commit disregards the distance variable (if any), when
computing the final depth.

Issue: 7390

codecov bot commented Dec 17, 2024

Codecov Report

Attention: Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@2c0d3b8). Learn more about missing BASE report.

Additional details and impacted files
@@            Coverage Diff            @@
##             master   #12297   +/-   ##
=========================================
  Coverage          ?   83.23%           
=========================================
  Files             ?      912           
  Lines             ?   257632           
  Branches          ?        0           
=========================================
  Hits              ?   214438           
  Misses            ?    43194           
  Partials          ?        0           
Flag               Coverage Δ
fuzzcorpus         61.09% <60.00%> (?)
livemode           19.39% <0.00%> (?)
pcap               44.41% <50.00%> (?)
suricata-verify    62.86% <60.00%> (?)
unittests          59.18% <60.00%> (?)


@victorjulien
Member

"see the issue" <- this explanation belongs in the commit

@suricata-qa

WARNING:

ERROR: QA failed on SURI_TLPR1_alerts_cmp.

field                   baseline   test     %
SURI_TLPW1_stats_chk
  .detect.alert         153880     160312   104.18%
IPS_AFP_stats_chk
  .detect.alert         129600     141480   109.17%

Pipeline 23980

@victorjulien
Member

> WARNING:
>
> ERROR: QA failed on SURI_TLPR1_alerts_cmp.
>
> field                   baseline   test     %
> SURI_TLPW1_stats_chk
>   .detect.alert         153880     160312   104.18%
> IPS_AFP_stats_chk
>   .detect.alert         129600     141480   109.17%
>
> Pipeline 23980

I'd say this is unexpected and needs further analysis.

@victorjulien marked this pull request as draft December 18, 2024 10:01