Bug #6678
Status: closed
datasets: discard datasets that hit the memcap while loading correctly
Description
A dataset loaded via a signature with memcap should be discarded properly instead of being partially loaded.
[51158] Config: datasets: dataset: httphosts-seen loading from '/usr/local/var/lib/suricata/data/foobar.set'
[51158] Config: datasets: dataset: httphosts-seen loaded 2168171 records
[51158] Error: detect-dataset: dataset too large for set memcap
[51158] Error: detect: error parsing signature "alert http $HOME_NET any -> any any (msg:"TEST"; flow:established,to_server; http.host; dataset:set,foobar,type string,state foobar.set,memcap 150mb,hashsize 1000000; sid:1337; rev:1;)" from file/usr/local/var/lib/suricata/rules/test.rules at line 3
[51158] Config: detect: No rules loaded from /usr/local/var/lib/suricata/rules/test.rules
[51158] Warning: detect: 1 rule files specified, but no rules were loaded!
The error would suggest that the rule is not loaded and the dataset is also not present, but in current versions it actually is (at least the part of the dataset data that fit into the memcap limit):
>>> dataset-lookup foobar string Zm9vYmFyMTkwMDAwMC5kZQo=
Success: "item found in set"
We will provide a fix. The root cause is in the code path: the data is loaded but not discarded correctly once the memcap check is hit.
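The all-or-nothing load this report asks for, modelled as an added C example that is not Suricata's code: a toy string set charges each record against a memcap, and the `discard_partial` flag contrasts leaving the records that fit in place with rolling the whole load back. The names `Set`, `set_load`, `set_lookup` and `set_discard` are hypothetical.

```c
/* Added illustration, not Suricata source; every name here is hypothetical. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
typedef struct Node { struct Node *next; char *key; } Node;
typedef struct { Node **buckets; size_t nbuckets, memuse, memcap; } Set;
static size_t bucket_of(const Set *s, const char *k) {
    size_t h = 5381;
    while (*k) h = h * 33 + (unsigned char)*k++;
    return h % s->nbuckets;
}
/* Free every record and the table, so nothing stays queryable. */
void set_discard(Set *s) {
    for (size_t i = 0; s->buckets && i < s->nbuckets; i++)
        for (Node *n = s->buckets[i], *nx; n; n = nx) {
            nx = n->next; free(n->key); free(n);
        }
    free(s->buckets);
    s->buckets = NULL; s->memuse = 0;
}

bool set_lookup(const Set *s, const char *k) {
    if (!s->buckets) return false;
    for (Node *n = s->buckets[bucket_of(s, k)]; n; n = n->next)
        if (strcmp(n->key, k) == 0) return true;
    return false;
}

/* Load recs[0..n), charging each record against memcap before inserting it.
 * On a memcap hit, discard_partial=false keeps the records that fit (the
 * state the report describes); discard_partial=true rolls the load back. */
bool set_load(Set *s, const char **recs, size_t n, size_t nbuckets,
              size_t memcap, bool discard_partial) {
    *s = (Set){ calloc(nbuckets, sizeof(Node *)), nbuckets, 0, memcap };
    if (!s->buckets || !nbuckets) { set_discard(s); return false; }
    for (size_t i = 0; i < n; i++) {
        if (set_lookup(s, recs[i])) continue;        /* already in the set */
        size_t len = strlen(recs[i]) + 1, cost = sizeof(Node) + len;
        Node *node = s->memuse + cost <= memcap ? malloc(sizeof *node) : NULL;
        if (node && !(node->key = malloc(len))) { free(node); node = NULL; }
        if (!node) {                                 /* memcap hit or OOM */
            if (discard_partial) set_discard(s);
            return false;
        }
        memcpy(node->key, recs[i], len);
        Node **slot = &s->buckets[bucket_of(s, recs[i])];
        node->next = *slot; *slot = node; s->memuse += cost;
    }
    return true;
}
```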