Skip to content

Igmp/v4#14901

Closed
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v4
Closed

Igmp/v4#14901
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v4

Conversation

@victorjulien
Copy link
Member

SV_BRANCH=OISF/suricata-verify#2910

https://redmine.openinfosecfoundation.org/issues/8262

Adds decoder for IGMPv1, v2, v3, plus RGMP. Adds igmp-csum keyword, igmp.hdr sticky buffer and igmp.type keyword. Misc other additions.

#14834 rebased

Basic v1, v2 and v3 header validation.

Ticket: OISF#8262.
So 'alert igmp ...' can work.
Add rule to decoder-events.rules to match on bad checksums.
Reordering of table and switch to match switch in parser.
RGMP is a dialect of IGMP that uses the same protocol structure,
but with some different values for the fields.

Detect this and log it differently.
@victorjulien victorjulien requested review from a team and jufajardini as code owners February 24, 2026 21:52
@victorjulien victorjulien mentioned this pull request Feb 24, 2026
@jasonish jasonish self-assigned this Feb 24, 2026
@codecov
Copy link

codecov bot commented Feb 24, 2026

Codecov Report

❌ Patch coverage is 69.88417% with 78 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.26%. Comparing base (ccd1df9) to head (2b23e1c).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff            @@
##             main   #14901    +/-   ##
========================================
  Coverage   73.26%   73.26%            
========================================
  Files         993      997     +4     
  Lines      271862   272110   +248     
  Branches    48276    48340    +64     
========================================
+ Hits       199177   199369   +192     
- Misses      47279    47310    +31     
- Partials    25406    25431    +25     
Flag Coverage Δ
fuzzcorpus 57.06% <38.55%> (-0.03%) ⬇️
livemode 15.43% <10.44%> (+<0.01%) ⬆️
netns 15.46% <10.44%> (-0.04%) ⬇️
pcap 40.87% <37.75%> (-0.01%) ⬇️
suricata-verify 58.50% <63.85%> (+0.02%) ⬆️
unittests 50.22% <13.89%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline = 29876

Comment on lines +6657 to +6660
"invalid_type": {
"type": "integer",
"description": "invalid IGMP type"
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this actually exist?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops no, left over from earlier version

Copy link
Member

@jasonish jasonish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has been running fine for a while, but I don't have much IGMP.

@victorjulien victorjulien mentioned this pull request Feb 26, 2026
@victorjulien
Copy link
Member Author

Continues in #14907

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

3 participants