beats
beats copied to clipboard
elastic
packetbeat/decoder: reset multilayer decoding layers for each sniffed packet
The current logic for multilayer use means that sucessive packets in the stream from the sniffer can end up as parts of the multilayer although they are not related layers. The documentation for the type says it is provided to allow "switching between multiple layers to remember outer layer results", but successive packet in the sniffer stream do not have this relationship.
For #33012
This pull request does not have a backport label. If this is a bug or security fix, could you label this PR @efd6? 🙏. For such, you'll need to label your PR with:
- The upcoming major version of the Elastic Stack
- The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change) To fixup this pull request, you need to add the backport labels for the needed branches, such as:
backport-v8./d.0is the label to automatically backport to the8./dbranch./dis the digit
![mergify[bot] avatar](https://avatars.githubusercontent.com/in/10562?v=4 "Published by a pub.dev verified publisher"){kind=small}
:green_heart: Build Succeeded
the below badges are clickable and redirect to their specific view in the CI or DOCS
Expand to view the summary
Build stats
-
Start Time: 2022-09-20T23:29:30.936+0000
-
Duration: 44 min 46 sec
Test stats :test_tube:
| Test | Results |
|---|---|
| Failed | 0 |
| Passed | 1709 |
| Skipped | 19 |
| Total | 1728 |
:green_heart: Flaky test report
Tests succeeded.
:robot: GitHub comments
Expand to view the GitHub comments
To re-run your PR in the CI, just comment with:
-
/test: Re-trigger the build. -
/package: Generate the packages and run the E2E tests. -
/beats-tester: Run the installation tests with beats-tester. -
runelasticsearch-ci/docs: Re-trigger the docs validation. (use unformatted text in the comment!)
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
I don't know why the cnt field was added; I have been using it as a sequence number while debugging, and I suspect that was the reason it was originally included. In the long run, I think it can probably go away, but it's useful at the moment.