Actions
Bug #3476
closedTask #3759: datasets: finalize to move out of 'experimental'
datasets: Dataset not working in unix socket mode
Affected Versions:
Effort:
Difficulty:
Label:
Description
Dataset is not working in unix-socket mode. When a dataset (let's say ua) is defined in the yaml and when a rule is using the dataset (like doing dataset:set,ua), then Suricata fails loading when running in unix socket mode.
The reason is that DatasetsInit is called in the PreRunInit function that is called when pcap processing start. Thus at detection engine build time, the dataset is not yet defined and the rule fails to load.
Updated by Victor Julien almost 4 years ago
- Subject changed from Dataset not working in unix socket mode to datasets: Dataset not working in unix socket mode
- Parent task set to #3760
For unix socket mode we can probably follow the following logic:
static sets: treat like rules.
dynamic sets: treat like flow table.
Updated by Victor Julien almost 4 years ago
- Parent task changed from #3760 to #3759
Updated by Victor Julien almost 4 years ago
- Status changed from New to Assigned
- Assignee set to Shivani Bhardwaj
Updated by Shivani Bhardwaj over 3 years ago
- Status changed from Assigned to In Review
Updated by Shivani Bhardwaj over 3 years ago
- Status changed from In Review to Closed
- Effort deleted (
medium) - Difficulty deleted (
medium)
Actions