Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule: Don't drop flow if rule matches on packet properties. #9632

Closed
wants to merge 2 commits into from
Closed

rule: Don't drop flow if rule matches on packet properties. #9632

wants to merge 2 commits into from

Conversation

jlucovsky
Copy link
Contributor

Continuation of #9618
This commit modifies the logic used to determine the disposition of a flow/packet.

If the rule contains packet match properties, the flow shouldn't be dropped.

Link to redmine ticket: 5578

Describe changes:

  • When deciding how to handle the drop action, check if the rule applies to packet properties.

Updates:

  • Cherry-pick of in-flight byteorder crate version update

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_BRANCH=OISF/suricata-verify#1424

jlucovsky and others added 2 commits October 15, 2023 09:55
@jlucovsky
detect/alert: Drop packet if rule is pkt only
b7fcc8e 
This commit modifies the logic used to determine the disposition of a
flow/packet.

If the rule contains packet match properties, the flow shouldn't be
dropped.

Issue: 5578
@catenacyber @jlucovsky
rust: tilde version for byteorder
9ed5eee 
so that we get one compatible with MSRV
@jlucovsky jlucovsky requested review from victorjulien, jasonish and a team as code owners October 16, 2023 13:08
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 16160

@jlucovsky jlucovsky mentioned this pull request Oct 20, 2023
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #9664

@jlucovsky jlucovsky closed this Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jlucovsky @suricata-qa @catenacyber