Skip to content

flowbits: add a validation callback during setup #14663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
inashivb wants to merge 1 commit into from
Closed

flowbits: add a validation callback during setup #14663

inashivb wants to merge 1 commit into from

Conversation

@inashivb
Copy link
Member

@inashivb inashivb commented Jan 21, 2026
edited
Loading

Previous PR: #14648

Link to tickets:

Changes since v6.4:

  • warnings have a return value of 0 so the engine still loads the rule
  • isset + isnotset is an error

Will see what needs to be done for bug 7638, no need to leave this in a stuck state

SV_BRANCH=OISF/suricata-verify#2876

@inashivb
flowbits: add a validation callback during setup
e48bbbc 
This should make it possible to catch invalid combinations in the same
signature early. This patch covers checking and erroring on the following
invalid cmd combinations:
- set + isset
- unset + isnotset
- set + toggle
- set + unset
- isset + isnotset
- unset + toggle

the same flowbit in the same signature which is basically an unnecessary
operation at runtime.

This also helps bring down the difficulty of handling of actual complex
flowbit chains.

Bug 7772
Bug 7773
Bug 7774
Bug 7817
Bug 7818
Bug 8166
@codecov
Copy link

codecov bot commented Jan 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.12%. Comparing base (c333b28) to head (e48bbbc).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #14663   +/-   ##
=======================================
  Coverage   82.11%   82.12%           
=======================================
  Files        1011     1011           
  Lines      262812   262865   +53     
=======================================
+ Hits       215812   215868   +56     
+ Misses      47000    46997    -3
Flag Coverage Δ
fuzzcorpus 60.22% <88.67%> (+0.04%) ⬆️
livemode 18.76% <0.00%> (+0.04%) ⬆️
pcap 44.59% <77.35%> (+<0.01%) ⬆️
suricata-verify 65.29% <100.00%> (+<0.01%) ⬆️
unittests 59.27% <77.35%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Jan 21, 2026

WARNING:

field baseline test %
IPS_AFP_stats_chk
.decoder.unknown_ethertype 21 0 -
.decoder.event.ethernet.unknown_ethertype 21 0 -
TREX_GENERIC_stats_chk
.decoder.unknown_ethertype 23 0 -
.decoder.event.ethernet.unknown_ethertype 23 0 -
.tcp.pkt_on_wrong_thread 0 689 -
.tcp.memuse 1824000000 912000000 50.0%
.tcp.reassembly_memuse 2394336 1186696 49.56%
.flow.tcp_reuse 0 17 -
.flow.end.tcp_state.syn_sent 0 17 -
.flow.end.tcp_state.time_wait 0 11 -
.flow.end.tcp_state.last_ack 0 1 -
.flow.end.tcp_state.close_wait 0 13 -
.app_layer.error.dcerpc_tcp.parser 0 1 -

Pipeline = 29211

victorjulien
victorjulien reviewed Jan 21, 2026
View reviewed changes
@inashivb inashivb mentioned this pull request Jan 22, 2026
Closed
@inashivb inashivb closed this Jan 22, 2026
@inashivb inashivb deleted the flowbits-validation/v6.6 branch January 22, 2026 04:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victorjulien victorjulien victorjulien left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@inashivb @suricata-qa @victorjulien