Add a more visible explanation of what requests, responses, frontend and
backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
(cherry picked from commit bba3d4fc63)
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.
Task #6577
(cherry picked from commit 30ac77ce65)
With the changes in the probing_ts function, this other one could become
obsolete. Remove it, and directly call `parser::parse_request` when
checking for gaps, instead.
(cherry picked from commit 9aeeac532e)
Some non-pgsql traffic seen by Suricata is mistakenly identified as
pgsql, as the probing function is too generic. Now, if the parser sees
an unknown message type, even if it looks like pgsql, it will fail.
Bug #6080
(cherry picked from commit 4f85d06192)
We had unknown message type for the backend, but not the frontend
messages. It's important to better identify those to improve pgsql
probing functions.
Related to
Bug #6080
(cherry picked from commit 1ac5d97259)
Fix SCTIME_ADD_SECS zeroing subsecond part
When adding s seconds to SCtime_t ts, don't zero out the ts.usecs field.
Issue: 6584
Fix SCTIME_FROM_TIMESPEC garbage microseconds part
When converting nanoseconds to microseconds divide by 1000 instead
of multiplying by 1000.
Issue: 6585
(cherry picked from commit 0850e3d137)
Initialize both seconds and useconds of packet timestamp from napatech
timestamp format.
This commit uses updated macro definitions from util-utime.h to avoid
zero seconds value.
Issue: 6372
(cherry picked from commit 417806ca35)
This commit takes care of original seconds value and prevents the
useconds field from overflowing past its maximum value.
Issue: 6372
(cherry picked from commit d3095ac058)
Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.
Update the documentation, since updating the log format itself would be
a breaking change.
Task #5494
(cherry picked from commit a649a92afd)
Ticket: #6426
as per RFC 9113
":authority" MUST NOT include the deprecated userinfo subcomponent
for "http" or "https" schemed URIs.
(cherry picked from commit e3cd0d073f)
FlowInit() will only be called on a newly allocated, or a fully cleaned
up flow, so no existing storage will exist.
The only caller of `FLOW_RECYCLE` first calls `FlowFreeStorage()`, so
the reset logic in `FLOW_RECYCLE` can never trigger.
Remove now unused MacSetReset logic.
With the change to the hash table for tracking threaded loggers, this
call is now called once per thread, so should be changed to the
ThreadDeinit, as that is no longer being called.
Then call Deinit for the primary logger. In threaded mode this would be
the parent, it's just the logger in non-threaded mode.
Bug: #6438
Needed for predictable scheduling. From pthread_cond_signal man page:
"The pthread_cond_signal() or pthread_cond_broadcast() functions may
be called by a thread whether or not it currently owns the mutex that
threads calling pthread_cond_wait() or pthread_cond_timedwait() have
associated with the condition variable during their waits; however, if
predictable scheduling behaviour is required, then that mutex is locked
by the thread calling pthread_cond_signal() or pthread_cond_broadcast()."
If the configuration field "formats" is empty, DNS response records do
not have any relevant information other than that there was a
response, but not much about the response.
I'm pretty sure the intention here was to log the response details if
no formats were provided, which is what happens when the field is
commented out.
So if no formats are specified, use the default of all.
Bug: #6420
Make sure Suricata is in the running state before
you attempt to execute commands on the Unix sockets.
UnixMain is being called in an infinite loop where
TmThreadsCheckFlag(th_v, THV_KILL) is checked for the
deinit phase. However, it may take some time between
the start of Suricata's deinitialization and
the receipt of the THV_KILL flag in the Unix thread.
In between this time period, the Unix manager can still
perform a select() operation on the Unix socket while
the socket is already deinitialized.
Likely, a longer time span between the initial shutdown
command and actual closing of Unix sockets resulted in
an error of invalid file descriptors.
Ticket: #6272