Project

General

Profile

Actions
Copy link

Feature #7801

open
JL JL

rules: support multi-buffer byte variables

Feature #7801: rules: support multi-buffer byte variables

Added by Jeff Lucovsky 9 months ago. Updated 11 days ago.

Status:
In Review
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

Issue 1412 described a situation with multiple buffers and byte variables.

Results are indeterminate and may cause issues when this occurs. Since there are existing rules that do this, it was decided for Suricata 8 that such usage will be
- Flagged as an error when --strict-rule-keywords is used
- Flagged with a warning message but permitted otherwise.

This ticket aims to resolve the indeterminate nature of the situation (see 1412) and provide full support for multi-buffer byte variables.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #1412: byte_test checks before byte_extract happens in some casesIn ReviewJeff LucovskyActions

JL Updated by Jeff Lucovsky 9 months ago Actions
Copy link
 #1

  • Related to Bug #1412: byte_test checks before byte_extract happens in some cases added

PA Updated by Philippe Antoine 15 days ago Actions
Copy link
 #2

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Jeff Lucovsky

VJ Updated by Victor Julien 11 days ago Actions
Copy link
 #3

  • Subject changed from Support multi-buffer byte variables to rules: support multi-buffer byte variables
Actions
Copy link

Also available in: PDF Atom