Skip to content

detect/proto: check ipproto enabled setting first#14761

Open
inashivb wants to merge 1 commit intoOISF:mainfrom
inashivb:appproto-enabling/v7
Open

detect/proto: check ipproto enabled setting first#14761
inashivb wants to merge 1 commit intoOISF:mainfrom
inashivb:appproto-enabling/v7

Conversation

@inashivb
Copy link
Member

@inashivb inashivb commented Feb 6, 2026

Previous PR: #14754

Link to ticket: https://redmine.openinfosecfoundation.org/issues/8205

Changes since v5:

  • issue warning at detection-only phase as that's more correct
  • rebased on top of latest main

SV_BRANCH=OISF/suricata-verify#2893

@inashivb
detect/proto: check ipproto enabled setting first
488b8e2 
So far, suricata.yaml was probed by default for
`app-layer.protocols.PROTOCOL.enabled`. If this was not found, then, an
attempt was made to look for
`app-layer.protocols.PROTOCOL.IPPROTO.enabled`. This is not ideal
behavior and restricts user to explicitly disable a carrier proto
specific protocol.
By default, check for carrier proto specific setting. If it is not
found, then fall back to the generic setting.
Issue a warning in case an inconsistent combination of global and
ipproto specific setting is found.

Bug 8205
@codecov
Copy link

codecov bot commented Feb 6, 2026

Codecov Report

❌ Patch coverage is 83.72093% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.14%. Comparing base (364d2c0) to head (488b8e2).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14761      +/-   ##
==========================================
- Coverage   82.15%   82.14%   -0.01%     
==========================================
  Files        1003     1003              
  Lines      263674   263695      +21     
==========================================
  Hits       216611   216611              
- Misses      47063    47084      +21
Flag Coverage Δ
fuzzcorpus 60.18% <52.32%> (-0.01%) ⬇️
livemode 18.76% <67.44%> (+0.02%) ⬆️
netns 18.54% <44.18%> (-0.02%) ⬇️
pcap 44.62% <66.27%> (-0.01%) ⬇️
suricata-verify 65.45% <81.39%> (+<0.01%) ⬆️
unittests 59.23% <69.76%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Feb 6, 2026

Information: QA ran without warnings.

Pipeline = 29476

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@inashivb @suricata-qa