From 6f40ce56791a981dbe6353e90752afee51eeaa20 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Mon, 20 Jan 2025 08:46:39 -0500 Subject: [PATCH 1/2] detect/csum: rm interaction btw stream setting/csum Issue: 7467 Stream checksum validation no longer has a side effect of setting PKT_IGNORE_CHECKSUM and thus, no longer affects csum keyword checks. --- src/stream-tcp.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 7352f2bdc74f..f0e5f3bcf30c 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -5958,11 +5958,7 @@ TmEcode StreamTcp (ThreadVars *tv, Packet *p, void *data, PacketQueueNoLock *pq) StatsIncr(tv, stt->counter_tcp_invalid_checksum); return TM_ECODE_OK; } - } else { - p->flags |= PKT_IGNORE_CHECKSUM; } - } else { - p->flags |= PKT_IGNORE_CHECKSUM; //TODO check that this is set at creation } AppLayerProfilingReset(stt->ra_ctx->app_tctx); From 36b596383eab928fcab2f3157f52b6bb31ec4da0 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Tue, 21 Jan 2025 09:21:24 -0500 Subject: [PATCH 2/2] doc/csum: Stream checksum validation change Describe the change of behavior between the stream.checksum-validation setting and checksum-based rule keywords. --- doc/userguide/upgrade.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 4bf74b65284d..fe7a67b92ba4 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -82,6 +82,14 @@ Major changes - Unknown requirements in the ``requires`` keyword will now be treated as unmet requirements, causing the rule to not be loaded. See :ref:`keyword_requires`. +- The configuration setting controlling stream checksum checks no longer affects + checksum keyword validation. Previously, when ``stream.checksum-validation`` + was set to ``no``, the checksum keywords (e.g., ``ipv4-csum``, ``tcpv4-csum``, etc) + would either match or not match according to the value used with the checksum keyword. + Previous behavior would return a match when ``ipv4-csum: valid`` was specified and + not match if ``ipv4-csum: invalid`` was used. With 8.0, a match will occur based on the + computed checksum and the value (``valid`` or ``invalid``) agree. + Removals ~~~~~~~~