Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

prefilter/multibuf: test with multiple packets #2094

Closed

Conversation

catenacyber
Copy link
Collaborator

Ticket: 7326

Ticket

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/7326

@catenacyber catenacyber added the requires suricata fix This PR requires an issue in Suricata to be fixed first label Oct 15, 2024
@catenacyber catenacyber force-pushed the multibuf-prefilter-7326-v1 branch from 225a6bd to 72f6d13 Compare October 15, 2024 13:50
@catenacyber catenacyber added requires suricata pr Depends on a PR in Suricata and removed requires suricata fix This PR requires an issue in Suricata to be fixed first labels Oct 15, 2024
Comment on lines +7 to +8
checks:
- filter:
Copy link
Contributor

@jufajardini jufajardini Oct 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is sid: 1 not expected to match? If so, should we include a check to assert that?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sid 1 was a leftover from #2093 where I found this bug

@victorjulien
Copy link
Member

Not sure why, but this fails on my openbsd runner.

@victorjulien
Copy link
Member

ah
image

@catenacyber catenacyber force-pushed the multibuf-prefilter-7326-v1 branch from 32f0153 to 3398948 Compare November 5, 2024 10:00
@catenacyber
Copy link
Collaborator Author

Force-pushed the pcap resaved with my Wireshark

Before :
input.pcap: pcap capture file, microsecond ts, extensions (little-endian) - version 2.4 (No link-layer encapsulation, capture length 262144)
After:
input.pcap: pcap capture file, microsecond ts (little-endian) - version 2.4 (No link-layer encapsulation, capture length 262144)

@victorjulien
Copy link
Member

Merged in #2118, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
requires suricata pr Depends on a PR in Suricata
Development

Successfully merging this pull request may close these issues.

3 participants