Project

General

Profile

Actions

Optimization #718

closed

"pass" IP-only rules should bypass detection engine after matching

Added by Victor Julien almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

If a "pass" IP-only rule matches, it will also match for all future packets of that flow. Hence, it makes sense to set a flag in the flow to bypass the detection engine.

Actions #1

Updated by Victor Julien almost 12 years ago

  • Status changed from Assigned to Closed
  • Target version set to 2.0beta1
  • % Done changed from 0 to 100

Fixed by:

commit 37c80ea5082bf6e2044f02f44307bf9d9c79906b
Author: Victor Julien <victor@inliniac.net>
Date:   Tue Jan 15 12:55:31 2013 +0100

    If an IP-only pass rule matches, set the no inspect flag for that flow. Bug #718.

Actions

Also available in: Atom PDF