Project

General

Profile

Actions
Copy link

Bug #6304

closed

schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats

Added by Philippe Antoine 8 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
7.0.1
Effort:
Difficulty:
Label:

Description

Meaning we get

1./stats/app_layer/error Additional properties are not allowed ('enip' was unexpected)
2./stats/app_layer/flow Additional properties are not allowed ('enip' was unexpected)
3./stats/app_layer/tx Additional properties are not allowed ('enip' was unexpected)

when running suricata-verify

Should we duplicate every protocol that can be over both TCP and UDP to have a third line in schema.json about it ?

Actions
Copy link
 #1

Updated by Philippe Antoine 8 months ago

cf AppLayerSetupCounters

Actions
Copy link
 #2

Updated by Jason Ish 8 months ago

Is there a valid reason why it doesn't have the suffix when in detection only mode? My feeling is there shouldn't be difference unless there is a good reason for it.

Actions
Copy link
 #3

Updated by Philippe Antoine 8 months ago

I do not know of a reason but to have `_tcp` prefix, you need both detection and registration on both udp and tcp as per the code of `AppLayerSetupCounters`

Actions
Copy link
 #4

Updated by Philippe Antoine 6 months ago

  • Status changed from New to In Review
Actions
Copy link
 #5

Updated by Philippe Antoine 5 months ago

  • Priority changed from Low to Normal
Actions
Copy link
 #6

Updated by Philippe Antoine 5 months ago

  • Assignee changed from OISF Dev to Philippe Antoine
Actions
Copy link
 #7

Updated by Philippe Antoine 5 months ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF