Shivani Bhardwaj
Shivani Bhardwaj
> Could there be one action for packet, and another one for flow ? Nice question. I'm interested too. And then which one would be applied if there can be..
> However, I think the real issue here might be that SSL is already reporting one active transaction, even if none, or complete. That's exactly what I was suggesting too....
> Is there a public test case yet? Here: https://github.com/OISF/suricata-verify/pull/2080
Thank you for your first contribution to Suricata! :)
@catenacyber what did you clean from the last rev? commit hashes are exactly the same
@glongo if you change `SV_BRANCH`, please tag a team member to rerun the CI checks as they are not auto run.
> Still not entirely fan of the keyword itself, as I feel it is better to have it as an option somehow. But since the existing keywords map to eve,...
As discussed internally, we'll keep the syntax of previous PR
Hi @catenacyber ! Could you please tell what does "right one" mean in your commit message "Having a lower progress than the right one.."?
> Esp the memcmp stuff is not always faster than the libc implementation, sometimes a lot slower. For smaller data set?