Actions
Feature #7801
open
JL
JL
rules: support multi-buffer byte variables
Feature #7801:
rules: support multi-buffer byte variables
Effort:
Difficulty:
Label:
Description
Issue 1412 described a situation with multiple buffers and byte variables.
Results are indeterminate and may cause issues when this occurs. Since there are existing rules that do this, it was decided for Suricata 8 that such usage will be
- Flagged as an error when --strict-rule-keywords is used
- Flagged with a warning message but permitted otherwise.
This ticket aims to resolve the indeterminate nature of the situation (see 1412) and provide full support for multi-buffer byte variables.
JL Updated by Jeff Lucovsky 10 months ago
- Related to Bug #1412: byte_test checks before byte_extract happens in some cases added
PA Updated by Philippe Antoine about 1 month ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Jeff Lucovsky
VJ Updated by Victor Julien about 1 month ago
- Subject changed from Support multi-buffer byte variables to rules: support multi-buffer byte variables
PA Updated by Philippe Antoine 21 days ago
- Related to Bug #7197: detect/flowvars: persist if the inspection happens on multiple packets added
JL Updated by Jeff Lucovsky 19 days ago
- Related to Bug #8458: detect/variable: warn if rules try to use byte vars before they're extracted added
Actions