Project

General

Profile

Actions
Copy link

Bug #5467

closed

rules: more graceful handling of anomalies for stable versions

Added by Victor Julien over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
6.0.7
Affected Versions:
Effort:
Difficulty:
Label:

Description

Recent content hex notation fixes and xbits noalert fixes are causing upgrade issues for MSSPs that allow ppl to bring their own rules. In these cases the rules suddenly fail to load after Suricata has been upgraded, leading to confusion.

The fixes themselves were correct, perhaps we can default to a more graceful way of handling them, like with our classtype keyword.

This will need subtickets for the xbits and content cases when we agree on an approach

Subtasks 2 (0 open2 closed)

Bug #5546: rules: don't error on bad hex in contentClosedJason IshActions
Bug #5547: rules: less strict parsing of unexpected flowbit optionsClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien about 2 years ago

  • Priority changed from Normal to High
Actions
Copy link
 #2

Updated by Victor Julien about 2 years ago

  • Subtask #5546 added
Actions
Copy link
 #3

Updated by Victor Julien about 2 years ago

  • Subtask #5547 added
Actions
Copy link
 #4

Updated by Victor Julien about 2 years ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #5

Updated by Victor Julien about 2 years ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF