8000 Smtp inspection fix/v2 by inashivb · Pull Request #13507 · OISF/suricata · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Smtp inspection fix/v2 #13507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Smtp inspection fix/v2 #13507

wants to merge 2 commits into from

Conversation

inashivb
Copy link
Member
@inashivb inashivb commented Jun 20, 2025
edited
Loading

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7783

Restores behavior from the past rejected PR b4c51d3 as that was correct.

Previous PR: #13505

Changes since v1:

  • fixed commit message
  • added upgrade note

NOTE: Requires upgrading of at least one internal test.

@inashivb
smtp: fix the point of triggering stream inspection
7e9ca99 
As a part of ab01a1b, in order to match the behavior in master, the
calls for triggering raw stream inspection were made when communication
in one direction for a transaction was completed. However, it was
incorrect to do so. Reliable inspection requires any request/response to
be completed. Hence, fix the behavior and make it consistent with all
the other applayer parsers.

SMTP parser can handle multiple command lines per direction. Appropriate calls
to trigger raw stream inspection have been added on succesful parsing of each
request and response line.

Bug 7783
@inashivb inashivb force-pushed the smtp-inspection-fix/v2 branch from ac90fc5 to 721b239 Compare June 20, 2025 11:11
@codecov Codecov
Copy link
codecov bot commented Jun 20, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.47%. Comparing base (495a12f) to head (721b239).
Report is 37 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #13507      +/-   ##
==========================================
- Coverage   83.48%   83.47%   -0.01%     
==========================================
  Files        1011     1011              
  Lines      274902   274901       -1     
==========================================
- Hits       229507   229485      -22     
- Misses      45395    45416      +21
Flag Coverage Δ
fuzzcorpus 61.77% <100.00%> (+<0.01%) ⬆️
livemode 18.95% <0.00%> (+<0.01%) ⬆️
pcap 44.65% <100.00%> (-0.02%) ⬇️
suricata-verify 65.02% <100.00%> (-0.02%) ⬇️
unittests 59.14% <85.71%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline = 26582

catenacyber
catenacyber reviewed Jun 25, 2025
View reviewed changes
catenacyber
catenacyber reviewed Jun 25, 2025
View reviewed changes
@inashivb inashivb mentioned this pull request Jun 30, 2025
Open
@inashivb inashivb closed this Jun 30, 2025
@inashivb inashivb deleted the smtp-inspection-fix/v2 branch June 30, 2025 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@inashivb @suricata-qa @catenacyber
0