Jason Ish

Results 234 comments of Jason Ish

@scrivs86 Are you still interested in finishing this up? - keyword: I think this should be `dns.response.rrname` meaning it looks at all known rrname types in a DNS response. `rname`...

> > @scrivs86 Are you still interested in finishing this up? > > ``` > > * keyword: I think this should be `dns.response.rrname` meaning it looks at all known...

> > Note: the `detect-dns-response.c` file has many unit tests with dns packet bytes defined. I found that clang format tried to put each byte on its own line, making...

> Wondering (not sure) if we should add anything to the upgrading to 7 section...

While this does change the output in 7, I do not believe it does in...

I tested on an AlmaLinux 9 system with a kernel command line of `fips=1`. With this option, Python functions like `hashlib.md5` fail unless `usedforsecurity=False` is added.

I'll have to think on it, but some effort is made to keep the container minimal. I already know of uses where rsyslog is layered in and don't want to...

> I think [d03660a](https://github.com/OISF/suricata/commit/d03660a646071a69ab6c377c3be202f9b2d292d8) is trying to solve something very similar. Is that not sufficient?

I'm not sure I follow. Not sufficient if we're here I guess. Or is this...

> > > I think [d03660a](https://github.com/OISF/suricata/commit/d03660a646071a69ab6c377c3be202f9b2d292d8) is trying to solve something very similar. Is that not sufficient? > > > > > > I'm not sure I follow. Not sufficient...

> IIRC the rules aren't about tx inspection, so I'm curious about how they are related.

I guess I'm not considering the rules. I'm just considering that the pseudo-packet is...