Skip to content

redis: Add authentication support v1 #13851

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

redis: Add authentication support v1 #13851

wants to merge 1 commit into from

Conversation

AmazingPP
Copy link
Contributor

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7062

Describe changes:

  • Add authentication support to the Redis logging output.
  • Authentication configuration defaults to null for backward compatibility.

@AmazingPP
redis: Add authentication support
228dbf5 
Add authentication support to the Redis logging output.
It introduces `username` and `password` configuration options for Redis,
allowing Suricata to authenticate with Redis servers that require it.

Ticket: 7062
@codecov Codecov
Copy link

codecov bot commented Sep 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@e62eb00). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #13851   +/-   ##
=======================================
  Coverage        ?   83.73%           
=======================================
  Files           ?     1011           
  Lines           ?   275170           
  Branches        ?        0           
=======================================
  Hits            ?   230412           
  Misses          ?    44758           
  Partials        ?        0
Flag Coverage Δ
fuzzcorpus 63.12% <ø> (?)
livemode 18.99% <ø> (?)
pcap 44.70% <ø> (?)
suricata-verify 65.12% <ø> (?)
unittests 59.15% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

jasonish
jasonish requested changes Sep 19, 2025
View reviewed changes
Copy link
Member

@jasonish jasonish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Async needs a little work.

src/util-log-redis.c
Comment on lines +133 to +141
static void SCRedisAsyncAuthCallback(redisAsyncContext *ac, void *r, void *privdata)
{
redisReply *reply = r;
if (reply != NULL && reply->type == REDIS_REPLY_ERROR) {
SCLogError("Redis AUTH failed: %s", reply->str);
} else if (reply != NULL) {
SCLogInfo("Redis authenticated successfully.");
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need some flag to tell us if authentication was successful or not.

In non-async mode, the connection is not setup completely if authentication fails, so we re-connect periodically, which is ideal.

In async mode we log that authentication failed, then proceed to send events to to the server. Instead authentication should be retried.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious: don't we have to do anything in case reply == NULL?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’ve reworked the async path to use a proper state machine. It now retries authentication instead of just logging, and also handles the reply == NULL case in the auth callback.

@AmazingPP AmazingPP mentioned this pull request Sep 24, 2025
Open
5 tasks
@AmazingPP
Copy link
Contributor Author

Replaced by #13898

@AmazingPP AmazingPP closed this Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish requested changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees

@jasonish jasonish

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AmazingPP @jasonish @jufajardini