Project

General

Profile

Actions
Copy link

Bug #4672

closed

PR 6336 QA alert deviation

Added by Corey Thomas about 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
QA
Affected Versions:
git master
Effort:
medium
Difficulty:
medium
Label:
C

Description

Git master had a low alert deviation that happened between QA rebases.

Running against our SURI_TLPR1 test and reverting commits traces back to PR 6336 and commit https://github.com/OISF/suricata/pull/6336/commits/9b9f909d7db9ba4485bf50577868fa7072998487

Unfortunately the smallest reproducible test so far is TLPR1, which is our largest test and takes over 20minutes to run.

Smaller pcaps with single alerts do not seem to show any loss at small scale.

Running with "toserver" has alert deviation. https://github.com/ct0br0/suricata/commit/546b7b15d70a9bd0ed8f7356250f5eee5fd0c17e

Commenting out "toclient" lines of the commit do not seem to have any alert drops.

Actions
Copy link
 #1

Updated by Peter Manev about 3 years ago

Seems related mostly to http_useragent/to_server.
I have not found a single stream reproducible case so far.
There are no memcap hits during the run

Actions
Copy link
 #2

Updated by Corey Thomas about 3 years ago

Neither have I. Alerts that show up in only baseline and only test run have the same type of rules (to_server and some user agents)

Actions
Copy link
 #3

Updated by Victor Julien almost 3 years ago

  • Status changed from New to Closed

Fix tracked in #4685

Actions
Copy link
 #4

Updated by Victor Julien almost 3 years ago

  • Private changed from Yes to No
Actions
Copy link
 #5

Updated by Victor Julien almost 2 years ago

  • Target version set to QA
Actions
Copy link

Also available in: Atom PDF