Project

General

Profile

Actions

Feature #6857

closed

iprep: support seeing if rule is part of a rep list

Added by Victor Julien 8 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

E.g. something like iprep:src,myCategory,isset; and iprep:src,myCategory,isnotset;. Not sure about the keyword, just used that is done in dataset.


Subtasks 1 (0 open1 closed)

Feature #7102: iprep: support seeing if rule is part of a rep list (7.0.x backport)ClosedVictor JulienActions

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6834: iprep: rule with '=,0' can't matchClosedVictor JulienActions
Actions #1

Updated by Victor Julien 8 months ago

  • Related to Bug #6834: iprep: rule with '=,0' can't match added
Actions #2

Updated by Jason Ish 6 months ago

isset and isnotset do map well to the dataset idea, but couldn't -1 be an option that also fits well with the current syntax?

Actions #3

Updated by Victor Julien 6 months ago

Jason Ish wrote in #note-2:

isset and isnotset do map well to the dataset idea, but couldn't -1 be an option that also fits well with the current syntax?

I think making things explicit is preferred over using a magic value.

Actions #4

Updated by Victor Julien 6 months ago

  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 8.0.0-beta1
Actions #5

Updated by Victor Julien 5 months ago

  • Label Needs backport to 7.0 added
Actions #6

Updated by OISF Ticketbot 5 months ago

  • Subtask #7102 added
Actions #7

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 7.0)
Actions #8

Updated by Victor Julien 5 months ago

  • Status changed from In Review to Resolved
Actions #9

Updated by Victor Julien 4 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF