Project

General

Profile

Actions

Bug #6304

closed

schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats

Added by Philippe Antoine over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Meaning we get

1./stats/app_layer/error Additional properties are not allowed ('enip' was unexpected)
2./stats/app_layer/flow Additional properties are not allowed ('enip' was unexpected)
3./stats/app_layer/tx Additional properties are not allowed ('enip' was unexpected)

when running suricata-verify

Should we duplicate every protocol that can be over both TCP and UDP to have a third line in schema.json about it ?

Actions #1

Updated by Philippe Antoine over 1 year ago

cf AppLayerSetupCounters

Actions #2

Updated by Jason Ish over 1 year ago

Is there a valid reason why it doesn't have the suffix when in detection only mode? My feeling is there shouldn't be difference unless there is a good reason for it.

Actions #3

Updated by Philippe Antoine over 1 year ago

I do not know of a reason but to have `_tcp` prefix, you need both detection and registration on both udp and tcp as per the code of `AppLayerSetupCounters`

Actions #4

Updated by Philippe Antoine about 1 year ago

  • Status changed from New to In Review
Actions #5

Updated by Philippe Antoine about 1 year ago

  • Priority changed from Low to Normal
Actions #6

Updated by Philippe Antoine about 1 year ago

  • Assignee changed from OISF Dev to Philippe Antoine
Actions #7

Updated by Philippe Antoine about 1 year ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF