Bug #7197: detect/flowvars: persist if the inspection happens on multiple packets - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7197

open

detect/flowvars: persist if the inspection happens on multiple packets

Added by Philippe Antoine 3 months ago. Updated 3 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

high

Difficulty:

Label:

Description

At the end of the run of each detection (frame, transaction..) the flowvar varlist in the DetectEngineThreadCtx gets reset by DetectVarProcessList

This prevents the flow variable to persist if the rule inspection happens on multiple packets ( as stored in a DetectEngineState )

SV test coming when I will get the ticket number

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 3 months ago

https://github.com/OISF/suricata-verify/pull/1999

Actions

Copy link

Updated by Philippe Antoine 3 months ago

Related to Bug #5576: Dataset is setting data despite the signature being a complete match added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7197

detect/flowvars: persist if the inspection happens on multiple packets

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine 3 months ago