Project

General

Profile

Actions

Bug #4672

closed

PR 6336 QA alert deviation

Added by Corey Thomas about 1 year ago. Updated about 9 hours ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
Affected Versions:
Effort:
medium
Difficulty:
medium
Label:
C

Description

Git master had a low alert deviation that happened between QA rebases.

Running against our SURI_TLPR1 test and reverting commits traces back to PR 6336 and commit https://github.com/OISF/suricata/pull/6336/commits/9b9f909d7db9ba4485bf50577868fa7072998487

Unfortunately the smallest reproducible test so far is TLPR1, which is our largest test and takes over 20minutes to run.

Smaller pcaps with single alerts do not seem to show any loss at small scale.

Running with "toserver" has alert deviation. https://github.com/ct0br0/suricata/commit/546b7b15d70a9bd0ed8f7356250f5eee5fd0c17e

Commenting out "toclient" lines of the commit do not seem to have any alert drops.

Actions #1

Updated by Peter Manev about 1 year ago

Seems related mostly to http_useragent/to_server.
I have not found a single stream reproducible case so far.
There are no memcap hits during the run

Actions #2

Updated by Corey Thomas about 1 year ago

Neither have I. Alerts that show up in only baseline and only test run have the same type of rules (to_server and some user agents)

Actions #3

Updated by Victor Julien about 1 year ago

  • Status changed from New to Closed

Fix tracked in #4685

Actions #4

Updated by Victor Julien 12 months ago

  • Private changed from Yes to No
Actions #5

Updated by Victor Julien about 9 hours ago

  • Target version set to QA
Actions

Also available in: Atom PDF