Project

General

Profile

Actions
Copy link

Bug #7197

open
PA OD

detect/flowvars: persist if the inspection happens on multiple packets

Bug #7197: detect/flowvars: persist if the inspection happens on multiple packets

Added by Philippe Antoine over 1 year ago. Updated 3 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
8.0.0
Effort:
high
Difficulty:
Label:

Description

At the end of the run of each detection (frame, transaction..) the flowvar varlist in the DetectEngineThreadCtx gets reset by DetectVarProcessList

This prevents the flow variable to persist if the rule inspection happens on multiple packets ( as stored in a DetectEngineState )

SV test coming when I will get the ticket number

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #5576: Dataset is setting data despite the signature being a complete matchIn ReviewPhilippe AntoineActions
Related to Suricata - Feature #7801: rules: support multi-buffer byte variablesIn ReviewJeff LucovskyActions

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #2

  • Related to Feature #5576: Dataset is setting data despite the signature being a complete match added

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #3

  • Affected Versions 8.0.0 added

PA Updated by Philippe Antoine 3 months ago Actions
Copy link
 #4

  • Status changed from New to Assigned

PA Updated by Philippe Antoine 21 days ago Actions
Copy link
 #5

  • Related to Feature #7801: rules: support multi-buffer byte variables added
Actions
Copy link

Also available in: PDF Atom