Bug #454
closed
HOME and EXT net variables
Description
Imagine the following configuration in yaml:
""
HOME_NET: "any"
EXTERNAL_NET: "!$HOME_NET"
""
I think we should just ERR exit on that (with the latest git).
Instead, Suricata loads and does not load all the rules (does not load all that use HOME_NET and EXT_NET variables in the rule, without a proper msg).
Thanks
Updated by Anoop Saldanha over 12 years ago
- File 0001-bug-454-Provide-better-error-message-when-the-user-s.patch added
- Status changed from New to Resolved
- Assignee set to Anoop Saldanha
patch attached.
Updated by Victor Julien over 12 years ago
Maybe it's a good idea to have a global check at start up as well. Give a fatal error if EXTERNAL_NET is !HOME_NET and HOME_NET is any.
Updated by Anoop Saldanha over 12 years ago
Victor Julien wrote:
Maybe it's a good idea to have a global check at start up as well. Give a fatal error if EXTERNAL_NET is !HOME_NET and HOME_NET is any.
If we are checking, it shouldn't be just for HOME_NET or EXTERNAL_NET. We will have to check every address specified in conf to see if they have a !any set amongst them.
Can do this. Np
Updated by Victor Julien over 12 years ago
- Target version set to 1.3beta2
- % Done changed from 0 to 80
HOME_NET and EXTERNAL_NET are the most important I think, as that is a common mistake. But testing all is cool.
Applied the per rule error, thanks.
Updated by Anoop Saldanha over 12 years ago
- File 0001-bug-454-global-check-to-see-if-address-and-port-vars.patch added
Add a global check for both address and port address vars.
Updated by Victor Julien over 12 years ago
Can you add some unittests as well:
port normal
port !any
address normal
address !any
The code SC_ERR_ADDRESS_ENGINE_GENERIC could be more specific I think. It's a configuration (thus user) error. Think the code should reflect that.
Updated by Anoop Saldanha over 12 years ago
- File deleted (0001-bug-454-Provide-better-error-message-when-the-user-s.patch)
Updated by Anoop Saldanha over 12 years ago
- File deleted (0001-bug-454-global-check-to-see-if-address-and-port-vars.patch)
Updated by Anoop Saldanha over 12 years ago
- File 0001-bug-454-global-check-to-see-if-address-and-port-vars.patch added
- File 0002-bug-454-add-unittests-for-the-address-port-conf-var-.patch added
- File 0003-bug-454-rebase-fix.-Also-use-better-error-code-to-in.patch added
rebased and reattached the patches from the start.
Updated by Victor Julien over 12 years ago
- Status changed from Resolved to Closed
All applied, thanks Anoop!
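
The start-up check discussed in this thread, sketched as a stand-alone Python lint over address and port variables. This is an added example, not Suricata's code or the attached patches; the function names and the sample variables beyond HOME_NET and EXTERNAL_NET are constructed, and flagging `any` inside a negated list is this example's assumption.

```python
import re

def expand(name, table, seen=()):
    """Textually resolve $VAR references, e.g. "!$HOME_NET" -> "!any"."""
    if name in seen:
        raise ValueError("circular reference: " + " -> ".join(seen + (name,)))
    if name not in table:
        raise ValueError("undefined variable: " + name)
    return re.sub(r"\$(\w+)",
                  lambda m: expand(m.group(1), table, seen + (name,)),
                  str(table[name]))

def split_top(body):
    """Split a list body on commas that are not inside nested brackets."""
    items, depth, cur = [], 0, ""
    for ch in body:
        if ch == "," and depth == 0:
            items.append(cur)
            cur = ""
        else:
            depth += (ch == "[") - (ch == "]")
            cur += ch
    return items + [cur]

def negates_any(expr, negated=False):
    """True if the expanded expression contains 'any' under a negation."""
    expr = expr.strip()
    if expr.startswith("!"):
        return negates_any(expr[1:], not negated)
    if expr.startswith("[") and expr.endswith("]"):
        return any(negates_any(i, negated) for i in split_top(expr[1:-1]))
    return negated and expr == "any"

def check_vars(table):
    """Return {name: expanded value} for each variable resolving to a negated 'any'."""
    expanded = {name: expand(name, table) for name in table}
    return {n: v for n, v in expanded.items() if negates_any(v)}

# Constructed sample values; the first two entries are the configuration from the report.
ADDRESS_VARS = {"HOME_NET": "any", "EXTERNAL_NET": "!$HOME_NET",
                "HTTP_SERVERS": "$HOME_NET",
                "DNS_SERVERS": "[192.168.1.0/24,!$HTTP_SERVERS]"}
PORT_VARS = {"HTTP_PORTS": "80", "ALL_PORTS": "any", "OTHER_PORTS": "!$ALL_PORTS"}

if __name__ == "__main__":
    bad = {**check_vars(ADDRESS_VARS), **check_vars(PORT_VARS)}
    for name, value in bad.items():
        print(f"fatal: {name} resolves to {value!r}, which matches nothing")
    raise SystemExit(1 if bad else 0)
```

The four cases requested in the thread (port normal, port !any, address normal, address !any) map directly onto inputs to `check_vars`.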