
Bug 4786/v4

Open inashivb opened this issue 1 year ago • 1 comments

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5207

Note: This branch has a known failure and is just for an intermediary review. The work is yet to be completed and tested. Known issue is commented where it happens in the code.

Major changes that come along with this branch: All *bits shall follow the same syntax, which was one of the complaints and motivation behind this work. The syntax shall be:

xbits:set,abc,expire 1000, track ip_dst;

hostbits:set,abc,expire 1000, track ip_dst;

flowbits:set,abc;

This makes a huge difference in the currently implemented hostbits syntax and will break any existing rules that use it. No rules were found in ET rulesets that used hostbits. The syntax currently in master for hostbits is:

hostbits:set,abc,src

which is equivalent in terms of functionality to the syntax proposed in this PR:

hostbits:set,abc,expire 300, track ip_src;

inashivb avatar Aug 02 '22 09:08 inashivb
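
The breaking change described in the PR description above, as an added example that is not part of the PR or of Suricata's own code: a Python audit that finds rules still using the old `hostbits:<cmd>,<name>,src` form and shows each one rewritten in the syntax proposed in this PR. The `dst` to `ip_dst` mapping, the function names and the sample rules are assumptions constructed for illustration.

```python
import re

# Expiry the PR description gives as equivalent to the old hostbits form.
DEFAULT_EXPIRE = 300
# "src" -> "ip_src" is from the PR description; "dst" -> "ip_dst" is an assumption.
TRACK = {"src": "ip_src", "dst": "ip_dst"}

# Old-style option: hostbits:<cmd>,<name>,<src|dst>; preceded by "(" or ";"
# so that only a real rule option is matched, not arbitrary text.
OLD_HOSTBITS = re.compile(
    r"(?P<pre>[;(]\s*)hostbits\s*:\s*(?P<cmd>[a-z]+)\s*,\s*"
    r"(?P<name>[^\s,;]+)\s*,\s*(?P<dir>src|dst)\s*;"
)

def migrate_rule(rule):
    """Return (new_rule, count) with old-style hostbits options rewritten."""
    def repl(m):
        return "{}hostbits:{},{},expire {}, track {};".format(
            m["pre"], m["cmd"], m["name"], DEFAULT_EXPIRE, TRACK[m["dir"]])
    return OLD_HOSTBITS.subn(repl, rule)

def audit(rules_text):
    """Return [(line_no, old_line, new_line)] for rules the change would break."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blanks and commented-out rules
        new_line, count = migrate_rule(line)
        if count:
            findings.append((no, line, new_line))
    return findings

# Constructed sample rules, not taken from any published ruleset.
SAMPLE_RULES = """\
# local test rules
alert tcp any any -> any 22 (msg:"old form"; hostbits:set,abc,src; sid:1000001;)
alert tcp any any -> any 22 (msg:"new form"; hostbits:set,abc,expire 300, track ip_src; sid:1000002;)
alert tcp any any -> any 80 (msg:"flowbits"; flowbits:set,abc; sid:1000003;)
"""

if __name__ == "__main__":
    for no, old, new in audit(SAMPLE_RULES):
        print("line {}:\n  old: {}\n  new: {}".format(no, old, new))
```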

WARNING:

field test baseline %
build_asan

Pipeline 8456

suricata-qa avatar Aug 02 '22 11:08 suricata-qa

WARNING:

field baseline test %
build_asan

Pipeline 8456

suricata-qa avatar Nov 04 '22 09:11 suricata-qa

ERROR:

ERROR: QA failed on build_asan.

Pipeline 10596

suricata-qa avatar Nov 12 '22 18:11 suricata-qa

Replaced w #8205

inashivb avatar Nov 23 '22 17:11 inashivb