Skip to content

Igmp/v5#14907

Open
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v5
Open

Igmp/v5#14907
victorjulien wants to merge 12 commits intoOISF:mainfrom
victorjulien:igmp/v5

Conversation

@victorjulien
Copy link
Member

@victorjulien victorjulien commented Feb 26, 2026

SV_BRANCH=OISF/suricata-verify#2910

https://redmine.openinfosecfoundation.org/issues/8262

Adds decoder for IGMPv1, v2, v3, plus RGMP. Adds igmp-csum keyword, igmp.hdr sticky buffer and igmp.type keyword. Misc other additions.

#14901 rebased
unused event removed from schema

@victorjulien
decoder/igmp: initial decoder support for IGMP
99ea67b 
Basic v1, v2 and v3 header validation.

Ticket: OISF#8262.
@victorjulien
detect/proto: add igmp support
c992fed 
So 'alert igmp ...' can work.
@victorjulien
detect/csum: add igmp-csum keyword to match checksum
29953fe 
Add rule to decoder-events.rules to match on bad checksums.
@victorjulien
detect/ipopts: add qs and rtralt options
02d46c8 
Reordering of table and switch to match switch in parser.
@victorjulien
decoder/igmp: detect RGMP (RFC 3488)
cd750e7 
RGMP is a dialect of IGMP that uses the same protocol structure,
but with some different values for the fields.

Detect this and log it differently.
@victorjulien
detect: add igmp.hdr keyword
4477978
@victorjulien
detect: add igmp.type keyword
4fe454a
@victorjulien
detect/tcp.flags: minor code cleanup
01286e0
@victorjulien
eve/igmp: add schema support for alert records
2b841cf
@victorjulien
decoder/igmp: add decoder events
6922bf1
@victorjulien
doc/userguide: add missing ipopts values
4c40779
@victorjulien
doc/userguide: add igmp keyword docs
1080908
@victorjulien victorjulien requested review from a team and jufajardini as code owners February 26, 2026 05:58
@victorjulien victorjulien mentioned this pull request Feb 26, 2026
Closed
@codecov
Copy link

codecov bot commented Feb 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.67568% with 63 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.91%. Comparing base (569ba3d) to head (1080908).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14907      +/-   ##
==========================================
- Coverage   81.93%   81.91%   -0.03%     
==========================================
  Files         986      990       +4     
  Lines      271105   271353     +248     
  Branches    31005    31067      +62     
==========================================
+ Hits       222139   222275     +136     
- Misses      46822    46919      +97     
- Partials     2144     2159      +15
Flag Coverage Δ
fuzzcorpus 60.97% <42.97%> (-0.03%) ⬇️
livemode 18.26% <10.84%> (-0.01%) ⬇️
netns 18.34% <10.84%> (-0.06%) ⬇️
pcap 45.17% <42.97%> (-0.05%) ⬇️
suricata-verify 58.52% <63.85%> (-0.01%) ⬇️
unittests 58.79% <15.83%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Feb 26, 2026

Information: QA ran without warnings.

Pipeline = 29904

@victorjulien victorjulien added this to the 9.0 milestone Feb 26, 2026
@suricata-qa
Copy link

suricata-qa commented Feb 27, 2026

WARNING:

field baseline test %
SURI_TLPW1_stats_chk
2026-02-27T03:37:13.528362Z 01O .decoder.event.ipv4.unknown_protocol 4817 0
SURI_TLPR1_stats_chk
2026-02-27T03:37:04.540449Z 01O .decoder.event.ipv4.unknown_protocol 263252 200422

Pipeline = 29923

@victorjulien victorjulien mentioned this pull request Mar 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonish jasonish jasonish approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees

No one assigned

Labels

None yet

Milestone

9.0

Development

Successfully merging this pull request may close these issues.

4 participants

@victorjulien @suricata-qa @jasonish @ct0br0