Actions
Bug #6304
closedschema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats
Affected Versions:
Effort:
Difficulty:
Label:
Description
Meaning we get
1./stats/app_layer/error Additional properties are not allowed ('enip' was unexpected)
2./stats/app_layer/flow Additional properties are not allowed ('enip' was unexpected)
3./stats/app_layer/tx Additional properties are not allowed ('enip' was unexpected)
when running suricata-verify
Should we duplicate every protocol that can be over both TCP and UDP to have a third line in schema.json about it ?
Updated by Jason Ish about 1 year ago
Is there a valid reason why it doesn't have the suffix when in detection only mode? My feeling is there shouldn't be difference unless there is a good reason for it.
Updated by Philippe Antoine about 1 year ago
I do not know of a reason but to have `_tcp` prefix, you need both detection and registration on both udp and tcp as per the code of `AppLayerSetupCounters`
Updated by Philippe Antoine 12 months ago
- Status changed from New to In Review
https://github.com/OISF/suricata/pull/9848 first commit
Updated by Philippe Antoine 11 months ago
- Priority changed from Low to Normal
Updated by Philippe Antoine 11 months ago
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine 11 months ago
- Status changed from In Review to Closed
Actions