Optimization #569
open
display syntax requirement on keyword parsing error
Added by Victor Julien about 13 years ago.
Updated over 2 years ago.
Description
Currently if the syntax of a rule keyword is wrong we print just a pcre error most of the times.
It would be good to have a string per keyword that is displayed on error.
Format:
threshold: type <threshold|limit|both>, track <by_src|by_dst>, count <N>, seconds <T>
- Priority changed from Normal to Low
- Target version changed from 1.4beta3 to 1.4rc1
- Target version changed from 1.4rc1 to 2.0rc2
- Target version changed from 2.0rc2 to 3.0RC2
- Target version changed from 3.0RC2 to 70
- Priority changed from Low to Normal
- Target version changed from 70 to TBD
- Assignee changed from OISF Dev to Anonymous
- Effort set to high
- Difficulty set to low
- Assignee set to Community Ticket
- Assignee changed from Community Ticket to Jason Taylor
It looks like the last discussion that was had around this was in https://github.com/OISF/suricata/pull/4251. Are there any update thoughts or ideas around this? I was going to take another look at this but wanted to see if anyone else had or was.
- Assignee changed from Jason Taylor to Community Ticket
Side-note: We want to move away from pcre for keywords, and we still need meaningful error messages
- Tracker changed from Bug to Optimization
Also available in: Atom
PDF