Project

General

Profile

Actions
Copy link

Bug #7197

open
PA OD

detect/flowvars: persist if the inspection happens on multiple packets

Bug #7197: detect/flowvars: persist if the inspection happens on multiple packets

Added by Philippe Antoine over 1 year ago. Updated 2 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
8.0.0
Effort:
high
Difficulty:
Label:

Description

At the end of the run of each detection (frame, transaction..) the flowvar varlist in the DetectEngineThreadCtx gets reset by DetectVarProcessList

This prevents the flow variable to persist if the rule inspection happens on multiple packets ( as stored in a DetectEngineState )

SV test coming when I will get the ticket number

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #5576: Dataset is setting data despite the signature being a complete matchIn ReviewPhilippe AntoineActions

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #2

  • Related to Feature #5576: Dataset is setting data despite the signature being a complete match added

PA Updated by Philippe Antoine 9 months ago Actions
Copy link
 #3

  • Affected Versions 8.0.0 added

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #4

  • Status changed from New to Assigned
Actions
Copy link

Also available in: PDF Atom