Project

General

Profile

Actions
Copy link

Feature #7801

open

Support multi-buffer byte variables

Added by Jeff Lucovsky 25 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

Issue 1412 described a situation with multiple buffers and byte variables.

Results are indeterminate and may cause issues when this occurs. Since there are existing rules that do this, it was decided for Suricata 8 that such usage will be
- Flagged as an error when --strict-rule-keywords is used
- Flagged with a warning message but permitted otherwise.

This ticket aims to resolve the indeterminate nature of the situation (see 1412) and provide full support for multi-buffer byte variables.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #1412: byte_test checks before byte_extract happens in some casesIn ReviewJeff LucovskyActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky 25 days ago

  • Related to Bug #1412: byte_test checks before byte_extract happens in some cases added
Actions
Copy link

Also available in: Atom PDF