Project

General

Profile

Actions

Bug #5467

closed

rules: more graceful handling of anomalies for stable versions

Added by Victor Julien about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Recent content hex notation fixes and xbits noalert fixes are causing upgrade issues for MSSPs that allow ppl to bring their own rules. In these cases the rules suddenly fail to load after Suricata has been upgraded, leading to confusion.

The fixes themselves were correct, perhaps we can default to a more graceful way of handling them, like with our classtype keyword.

This will need subtickets for the xbits and content cases when we agree on an approach


Subtasks 2 (0 open2 closed)

Bug #5546: rules: don't error on bad hex in contentClosedJason IshActions
Bug #5547: rules: less strict parsing of unexpected flowbit optionsClosedVictor JulienActions
Actions

Also available in: Atom PDF