Detect bidir 5665 v11 #11246
Closed
Detect bidir 5665 v11 #11246
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ticket: 5665 This is done with `alert ip any any => any any` The => operator means that we will need both directions
By using keywords bidir.toclient and bidir.toserver, the following keywords are forced to the direction even if they can match on both directions. Ticket: 5665
Do not require a rule to use bidir.toserver after the usage of bidir.toclient for unambiguous keywords, where the rule writer does not want to explicit the redundant direction.
Closed
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #11246 +/- ##
==========================================
+ Coverage 82.99% 83.00% +0.01%
==========================================
Files 942 942
Lines 249358 249510 +152
==========================================
+ Hits 206951 207112 +161
+ Misses 42407 42398 -9
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 20971 |
victorjulien
reviewed
Jun 6, 2024
src/detect-engine-state.c
Outdated
| s->dir_state[i].filestore_cnt = 0; | ||
| s->dir_state[i].flags = 0; | ||
| /* reset 'cur' back to the list head */ | ||
| s->dir_state[i].cur = s->dir_state[0].head; |
There was a problem hiding this comment.
Thanks for the detail, nice catch.
Hope to read something more about the overview of this PR ;-)
|
Try to look at |
|
Information: QA ran without warnings. Pipeline 21010 |
Closed
|
Continued in #11293 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5665
Describe changes:
SV_BRANCH=OISF/suricata-verify#1889
Draft again because of second commit
General feedback expected :-)
TODO :
bidir.toclient?@victorjulien is there now a protocol with bidirectional frames ? (Enip rust has it in #11184)
#10904 rebased with some new test in SV