Bug #454
closed
HOME and EXT net variables
Added by Peter Manev over 12 years ago.
Updated over 12 years ago.
Description
Imagine the following configuration in yaml:
""
HOME_NET: "any"
EXTERNAL_NET: "!$HOME_NET"
""
I think we should just ERR exit on that (with the latest git).
Instead, Suricata loads and does not load all the rules (does not load all that use HOME_NET and EXT_NET variables in the rule, without a proper msg).
Thanks
Files
- File 0001-bug-454-Provide-better-error-message-when-the-user-s.patch added
- Status changed from New to Resolved
- Assignee set to Anoop Saldanha
Maybe it's a good idea to have a global check at start up as well. Give a fatal error if EXTERNAL_NET is !HOME_NET and HOME_NET is any.
Victor Julien wrote:
Maybe it's a good idea to have a global check at start up as well. Give a fatal error if EXTERNAL_NET is !HOME_NET and HOME_NET is any.
If we are checking, it shouldn't be just for HOME_NET or EXTERNAL_NET. We will have to check every address specified in conf to see if they have a !any set amongst them.
Can do this. Np
- Target version set to 1.3beta2
- % Done changed from 0 to 80
HOME_NET and EXTERNAL_NET are the most important I think, as that is a common mistake. But testing all is cool.
Applied the per rule error, thanks.
- File 0001-bug-454-global-check-to-see-if-address-and-port-vars.patch added
Add a global check for both address and port address vars.
Can you add some unittests as well:
port normal
port !any
address normal
address !any
The code SC_ERR_ADDRESS_ENGINE_GENERIC could be more specific I think. It's a configuration (thus user) error. Think the code should reflect that.
- File deleted (0001-bug-454-Provide-better-error-message-when-the-user-s.patch)
- File deleted (0001-bug-454-global-check-to-see-if-address-and-port-vars.patch)
rebased and reattached the patches from the start.
- Status changed from Resolved to Closed
All applied, thanks Anoop!
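The global check discussed in this thread can also be run as a pre-deployment lint on the variables section of the configuration. The sketch below is an added example, not Suricata's code or the attached patches: it expands `$VAR` references and flags every address or port variable in which `any` ends up under a negation. The variable names other than HOME_NET and EXTERNAL_NET, the function names, and the rule that any negation above `any` is reported are assumptions of this example.

```python
"""Lint Suricata-style address/port variables for a negated "any" (added example)."""

# Constructed sample of the vars section; every name except HOME_NET and
# EXTERNAL_NET is hypothetical.
SAMPLE_VARS = {
    "HOME_NET": "any",
    "EXTERNAL_NET": "!$HOME_NET",
    "DNS_SERVERS": "[10.0.0.53,!10.0.0.54]",
    "HTTP_PORTS": "[80,8080]",
    "SERVERS": "[10.0.0.0/8,!$EXTERNAL_NET]",
}

def split_top_level(expr):
    """Split a list body on commas that are not inside nested brackets."""
    parts, depth, cur = [], 0, ""
    for ch in expr:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return [p.strip() for p in parts if p.strip()]

def negates_any(expr, variables, negated=False, seen=()):
    """True if expr, with $VAR references expanded, has "any" under a negation."""
    expr = expr.strip()
    while expr.startswith("!"):
        # Sticky flag: once negated, everything below is treated as negated.
        negated, expr = True, expr[1:].strip()
    if expr.startswith("[") and expr.endswith("]"):
        return any(negates_any(p, variables, negated, seen)
                   for p in split_top_level(expr[1:-1]))
    if expr.startswith("$"):
        name = expr[1:]
        if name in seen or name not in variables:
            raise ValueError(f"undefined or circular variable: {name}")
        return negates_any(variables[name], variables, negated, seen + (name,))
    return negated and expr.lower() == "any"

def lint(variables):
    """Return the sorted names of variables that resolve to a negated "any"."""
    return sorted(n for n, v in variables.items() if negates_any(v, variables))
```

On the constructed sample, `lint(SAMPLE_VARS)` reports EXTERNAL_NET and also SERVERS, which only reaches the problem through a second level of variable reference.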