suricata Detect negated content absent buffer 2224 v12

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/2224 https://redmine.openinfosecfoundation.org/issues/6629 https://redmine.openinfosecfoundation.org/issues/6575

Describe changes:

detect: negated content matches on absent buffer
detect: adds absent keyword to match on absent buffer
detect: unify multi-buffer code

SV_BRANCH=pr/1535

https://github.com/OISF/suricata-verify/pull/1535

#10140 for all sticky buffers

@jasonish what do you think about the template commit ?

Feb 08 '24 14:02 catenacyber

Should I first make a PR with only the following commits ?

detect: unify functions for multi-buffer
detect/template: make template use DetectEngineInspectBufferGeneric

Feb 08 '24 14:02 catenacyber

ERROR:

ERROR: QA failed on ASAN_TLPR1_cfg.

Pipeline 18248

Feb 08 '24 14:02 suricata-qa

CI seems unhappy with my hack about functions cast...

Should I then update InspectionBufferGetDataPtr and all its users to add a new argument ?

Feb 08 '24 14:02 catenacyber

Draft needing rebase on latest master, fixing compiler warning, and answer to the questions above

Feb 09 '24 16:02 catenacyber

Status, to be rebased after #10462 is merged

Mar 01 '24 20:03 catenacyber

Although I am not in depth on the technical implementation of Suricata, great work! This feature will be an amazing addition to improve the rule writing experience and allow us to write new rules that were not possible or insanely complicated before!

Mar 06 '24 12:03 Koen1999

Although I am not in depth on the technical implementation of Suricata, great work! This feature will be an amazing addition to improve the rule writing experience and allow us to write new rules that were not possible or insanely complicated before!

Thanks @Koen1999 I appreciate your comment :-)

Mar 12 '24 19:03 catenacyber

ERROR:

ERROR: QA failed on ASAN_TLPR1_cfg.

Pipeline 18248

May 27 '24 15:05 suricata-qa

Rebased in https://github.com/OISF/suricata/pull/11159

May 27 '24 20:05 catenacyber