Skip to content

redis: Add authentication support v2 #13898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

redis: Add authentication support v2 #13898

wants to merge 1 commit into from

Conversation

AmazingPP
Copy link
Contributor

@AmazingPP AmazingPP commented Sep 24, 2025
edited
Loading

Replaces: #13851

Changes since v1:

  • Reworked async mode to use a state machine for connection and authentication.
  • Authentication is now retried on failure.
  • Handled reply == NULL in the authentication callback.
  • Added a guard: if a Redis username is set without a password, ignore the username and log a warning.

Manual testing

I manually tested the changes in both sync and async modes across different scenarios. All expected results matched actual results.

Case Scenario Result
1 No auth Success, logs written
2 Wrong password Connection failed, error logged
3 Correct password Success, logs written
4 Missing password Connection failed, error logged
5 ACL (valid) Success, logs written
6 ACL (wrong password) Connection failed, error logged
7 ACL (no username provided) Connection failed, error logged
8 Re-authentication Connection recovered, logs written after re-auth

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7062

Describe changes:

  • Add authentication support to the Redis logging output.
  • Authentication configuration defaults to null for backward compatibility.

@AmazingPP
redis: Add authentication support
26ad777 
Add authentication support to the Redis logging output.
It introduces `username` and `password` configuration options for Redis,
allowing Suricata to authenticate with Redis servers that require it.

Ticket: 7062
@AmazingPP AmazingPP mentioned this pull request Sep 24, 2025
Closed
5 tasks
@jasonish
Copy link
Member

Seems to behave better. I haven't given it a thorough review yet, but I did notice that when authentication fails, it tends to retry harder, than when the connection fails. The main issue here is that it reconnects a lot more often than during a connection failure, and leads to some flooding of the logs. Is that intentional? Or a side affect?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AmazingPP @jasonish