Actions
Bug #6304
closed
PA
PA
schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats
Bug #6304:
schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats
Affected Versions:
Effort:
Difficulty:
Label:
Description
Meaning we get
1./stats/app_layer/error Additional properties are not allowed ('enip' was unexpected)
2./stats/app_layer/flow Additional properties are not allowed ('enip' was unexpected)
3./stats/app_layer/tx Additional properties are not allowed ('enip' was unexpected)
when running suricata-verify
Should we duplicate every protocol that can be over both TCP and UDP to have a third line in schema.json about it ?
PA Updated by Philippe Antoine over 2 years ago
cf AppLayerSetupCounters
JI Updated by Jason Ish over 2 years ago
Is there a valid reason why it doesn't have the suffix when in detection only mode? My feeling is there shouldn't be difference unless there is a good reason for it.
PA Updated by Philippe Antoine over 2 years ago
I do not know of a reason but to have `_tcp` prefix, you need both detection and registration on both udp and tcp as per the code of `AppLayerSetupCounters`
PA Updated by Philippe Antoine over 2 years ago
- Status changed from New to In Review
https://github.com/OISF/suricata/pull/9848 first commit
PA Updated by Philippe Antoine over 2 years ago
- Priority changed from Low to Normal
PA Updated by Philippe Antoine over 2 years ago
- Assignee changed from OISF Dev to Philippe Antoine
PA Updated by Philippe Antoine over 2 years ago
- Status changed from In Review to Closed
Actions