Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule: Don't drop flow if rule matches on packet properties. #9618

Closed
wants to merge 1 commit into from
Closed

rule: Don't drop flow if rule matches on packet properties. #9618

wants to merge 1 commit into from

Conversation

jlucovsky
Copy link
Contributor

@jlucovsky jlucovsky commented Oct 15, 2023
edited by inashivb
Loading

This commit modifies the logic used to determine the disposition of a flow/packet.

If the rule contains packet match properties, the flow shouldn't be dropped.

Link to redmine ticket: 5578

Describe changes:

  • When deciding how to handle the drop action, check if the rule applies to packet properties.

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_BRANCH=OISF/suricata-verify#1424

@jlucovsky
detect/alert: Drop packet if rule is pkt only
b7fcc8e 
This commit modifies the logic used to determine the disposition of a
flow/packet.

If the rule contains packet match properties, the flow shouldn't be
dropped.

Issue: 5578
@jlucovsky jlucovsky requested a review from a team as a code owner October 15, 2023 14:10
@inashivb
Copy link
Member

inashivb commented Oct 16, 2023
edited
Loading

I'm reworking the s-v PR. The failures seem related to a recent merge about deduplicating PCAPs.
Edit: Done.

@inashivb
Copy link
Member

Jeff, this PR also seems to need 0f097ac

@jlucovsky jlucovsky mentioned this pull request Oct 16, 2023
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #9618

@jlucovsky jlucovsky closed this Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jlucovsky @inashivb