Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule-analyzer: Ensure content counts are accurate #3752

Closed
wants to merge 1 commit into from
Closed

rule-analyzer: Ensure content counts are accurate #3752

wants to merge 1 commit into from

Conversation

jlucovsky
Copy link
Contributor

Fix for issue 2605. Make sure that content is counted,
even if none of the specific content types are matched.

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/2605

Describe changes:

@jlucovsky
rule-analyzer: Ensure content counts are accurate
aceb9ac 
Fix for issue 2605.  Make sure that content is counted,
even if none of the specific content types are matched.
@jlucovsky jlucovsky requested a review from a team as a code owner March 27, 2019 22:18
victorjulien
victorjulien reviewed Mar 28, 2019
View reviewed changes
src/detect-engine-analyzer.c
@@ -1246,7 +1248,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
if (warn_encoding_norm_http_buf) {
fprintf(rule_engine_analysis_FD, " Warning: Rule may contain percent encoded content for a normalized http buffer match.\n");
}
if (warn_tcp_no_flow /*rule_flow == 0 && rule_flow == 0
if (warn_tcp_no_flow /*rule_flow == 0 && rule_flags == 0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this change? Is it related to the counting?

Copy link
Contributor Author

@jlucovsky jlucovsky Mar 28, 2019
edited by victorjulien

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment was incorrect -- it's tracking the code at https://github.com/OISF/suricata/blob/master/src/detect-engine-analyzer.c#L1128

@victorjulien victorjulien mentioned this pull request Apr 4, 2019
Merged
@victorjulien
Copy link
Member

Merged in #3772, thanks Jeff!

@jlucovsky jlucovsky deleted the 2605.1 branch April 6, 2019 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@jlucovsky @victorjulien