detect-flowbits: add details for flowbits v6

[hadiqaalamdar]

Task #6309

• I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html
• I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
• I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6309
Previous PR: #9971

Describe changes:

• added the recommended changes from the last PR.

SV_BRANCH=OISF/suricata-verify#1526

[jufajardini]

The pgsql failures are due to a recent new Suri merge.

[inashivb]

The pgsql failures are due to a recent new Suri merge.

And that tells that you should rebase your s-v PR w latest master and resubmit @hadiqaalamdar
Edit: Make both suricata and s-v PRs current if they aren't

[hadiqaalamdar]

And that tells that you should rebase your s-v PR w latest master and resubmit @hadiqaalamdar Edit: Make both suricata and s-v PRs current if they aren't

should I create the new PR now after rebasing or should I wait for further instructions on how to deal with noalert? Also, I'd like some feedback on my or operator implementation.

[jufajardini]

Hi there! Left a comment about the or operand. Shivani may have more to say about it.

If you know how to advance with this part, maybe you can submit a new PR with everything rebased, and that part update, while we understand how to approach the noalert case. :)

[jufajardini]

As we're in the array context here, I think this jb_set_string statement might get lost. I imagine that this has to be done after you close the array. Maybe you could set a bool here indicating if it was an or operation, and then you use that to add that output?

[hadiqaalamdar]

got it, I'll try this out. Thanks!

[hadiqaalamdar]

New PR: #10018