Smtp server detection 1125 v2.5 #11327

Closed

catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/1125
https://redmine.openinfosecfoundation.org/issues/6821
https://redmine.openinfosecfoundation.org/issues/5491

Describe changes:

  • smtp server detection (i.e. to_client)
  • ftp server detection (i.e. to_client)
  • smtp recognize more reply codes

SV_BRANCH=OISF/suricata-verify#1894

#11314 with dummy debug prints for @ct0br0

catenacyber added the "needs baseline update" label (QA will need a new base line) on Jun 19, 2024

codecov bot commented Jun 19, 2024

Codecov Report

Attention: Patch coverage is 88.67925% with 12 lines in your changes missing coverage. Please review.

Project coverage is 82.40%. Comparing base (6256391) to head (788ac24).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11327      +/-   ##
==========================================
- Coverage   82.41%   82.40%   -0.02%     
==========================================
  Files         934      934              
  Lines      247239   247326      +87     
==========================================
+ Hits       203773   203804      +31     
- Misses      43466    43522      +56     
Flag Coverage Δ
fuzzcorpus 60.26% <86.95%> (+0.02%) ⬆️
livemode 18.74% <10.86%> (-0.01%) ⬇️
pcap 43.62% <84.78%> (-0.18%) ⬇️
suricata-verify 61.34% <84.78%> (-0.02%) ⬇️
unittests 59.31% <38.67%> (+<0.01%) ⬆️

ct0br0 commented Jun 19, 2024

Just realized the changes are in this PR but the baseline had more ftp-tx in stats. How could I printf out for ftp-tx without the changes?

@catenacyber
Contributor Author

> Just realized the changes are in this PR but the baseline had more ftp-tx in stats. How could I printf out for ftp-tx without the changes?

I hope the fewer ftp txs come from more smtp flows that are printed...

ct0br0 commented Jun 19, 2024

Ok I can pull the SMTP then

ct0br0 commented Jun 19, 2024

So we have 141 more ftp.tx in the pcap from lolstmpX flows compared to master but the last PR had 5658 ftp.tx difference between master8 and the PR. Sounds like we need a master printf too to get all packets that ftp.tx have then?

@suricata-qa

WARNING:

SURI_TLPW1_stats_chk

| field | baseline | test | % |
|---|---|---|---|
| .app_layer.error.smtp.parser | 409 | 42 | 10.27% |

SURI_TLPR1_stats_chk

| field | baseline | test | % |
|---|---|---|---|
| .app_layer.flow.smtp | 335817 | 347615 | 103.51% |
| .app_layer.flow.failed_tcp | 178240 | 167256 | 93.84% |
| .app_layer.tx.ftp | 101030 | 95386 | 94.41% |
| .app_layer.error.smtp.parser | 527 | 144 | 27.32% |
| .ftp.memuse | 10637 | 2906 | 27.32% |

Pipeline 21142

@catenacyber
Contributor Author

Thanks Corey, #11333 should be better for FTP
