Bug #8158
closedBug #3220: ssl_version keyword negation (!) not working
ssl_version keyword negation (!) not working (7.0.x backport)
Updated by Philippe Antoine 7 days ago
- Assignee changed from Philippe Antoine to OISF Dev
I do not think this needs to be backported to 7 : nothing critical, an undocumented feature never worked, and this is just syntax sugar, not adding more expressivity to the rules language
Updated by Jason Ish 7 days ago
Philippe Antoine wrote in #note-1:
I do not think this needs to be backported to 7 : nothing critical, an undocumented feature never worked, and this is just syntax sugar, not adding more expressivity to the rules language
How does it fail. Does 7.0 silently accept the negation leading the user to think that it should work? Then a backport is fine.
Or does it error out as an invalid rule? Then probably not, its more of a feature then.
Updated by Philippe Antoine 7 days ago
How does it fail. Does 7.0 silently accept the negation leading the user to think that it should work?
yes
There are other cases where we use the opposite rule like https://redmine.openinfosecfoundation.org/issues/8010
Suricata8 silently accepts fragbits:M+D; leading the user to think that it should work, but it does not : it is handled as just M with trailing garbage ignored, and we do not want to backport it as existing ruleset will fail to load
Updated by Philippe Antoine 6 days ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine 6 days ago
- Status changed from In Review to Closed