next/170/20231116/v1 #9816
Merged
next/170/20231116/v1 #9816
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ticket: OISF#6076
Ticket: OISF#6164 flow.pkts_toclient flow.pkts_toserver flow.bytes_toclient flow.bytes_toserver
This commit adds the null output device; to use, set the filetype to "nullsink" for each output that should discard and never persist logs/alerts/etc. This is implemented as an "internal eve output plugin" just like the syslog eve output type.
Issue: 1520 This commit adds the tenant id for context to rule and .config file loads.
Add the constants for the to_lowercase and to_uppercase transforms Issue: 6439
This commit adds the implementation for the case changing transforms: to_lowercase and to_uppercase Issue: 6439
Issue: 6439 Clarify the transform validation step. When a transform indicates that the content/byte-array is not compatible, validation will stop. Content is incompatible is some cases -- e.g., following the to_lowercase transform with content containing uppercase characters. An alert is not possible since the content contains uppercase and the transform has converted the buffer into all lowercase.
Ticket: OISF#6426 as per RFC 9113 ":authority" MUST NOT include the deprecated userinfo subcomponent for "http" or "https" schemed URIs.
Until now the implementation would scan the stream, fallback to the packet payload in exception cases, then keep track of where the match was and in the flow match logic reject the match if it was in the wrong buffer. This patch simplifies this logic, by refusing to inspect the packet payload when `only_stream` is set. To do this the `only_stream`/`no_stream` options are now translated to the pseudo protocols `tcp-stream` and `tcp-pkt` at parsing, so that the `flow` keyword doesn't have to evaluate these conditions anymore.
Use proper inspect engine codes instead of bool.
Update SigTest17 which left a dangling pointer.
Minor optimization that could lead to a reduction in host table lookups if more than one host feature is in use.
Remove unused thread ctx' from AC variants Use single thread store in detection. Minor cleanups.
victorjulien
requested review from
catenacyber,
jufajardini and
a team
as code owners
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #9816 +/- ##
==========================================
- Coverage 82.37% 82.35% -0.02%
==========================================
Files 968 971 +3
Lines 273866 273906 +40
==========================================
- Hits 225585 225575 -10
- Misses 48281 48331 +50
Flags with carried forward coverage won't be shown. Click here to find out more. |
jasonish
approved these changes
Nov 17, 2023
|
Information: QA ran without warnings. Pipeline 16571 |
This was referenced Nov 17, 2023
This was referenced Nov 17, 2023
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Staging:
SV_BRANCH=pr/1468