Jason Ish
Rebase and fix here: https://github.com/OISF/suricata/pull/11762
Re. commit: 56dbcd63cfc27499be8dc86d6c43419db7036960

Maybe a wording issue. But this adds pgsql metadata to alerts if available right? Maybe:

```
output/json: add pgsql metadata logging to alerts
```
> > Re. commit: [56dbcd6](https://github.com/OISF/suricata/commit/56dbcd63cfc27499be8dc86d6c43419db7036960) > > Maybe a wording issue. But this adds pgsql metadata to alerts if available right? Maybe: > > ``` > > output/json: add pgsql...
So out of the box behavior would be to log the first unknown ether_type, then after 60 seconds, relog for that same one or perhaps another? So in the case...
> So out of the box behavior would be to log the first unknown ether_type, then after 60 seconds, relog for that same one or perhaps another? So in the...
> > #11455 (comment) > > What information would we want to collect? > > The invalid ethertype values are probably due to misconfiguration or an unsupported encapsulation type. For...
Replaced by https://github.com/OISF/suricata/pull/11686.
> Note: the `detect-dns-response.c` file has many unit tests with dns packet bytes defined. I found that clang format tried to put each byte on its own line, making the...
Just some general comments, I haven't done a full-review as I do think some decisions and discussion are required.

- Naming: This keyword attempts to match on `rrname` and `rdata`...
> Talking with @scrivs86 live, `dns.response` is `dns.response.domain_name` where we look for domain names in all sections : queries, answers, additional (instead of dns.query.name just looking for domain name in...