-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
detect-flowbits: add details for flowbits v6 #10008
Conversation
The pgsql failures are due to a recent new Suri merge. |
And that tells that you should rebase your s-v PR w latest master and resubmit @hadiqaalamdar |
should I create the new PR now after rebasing or should I wait for further instructions on how to deal with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi there! Left a comment about the or
operand. Shivani may have more to say about it.
If you know how to advance with this part, maybe you can submit a new PR with everything rebased, and that part update, while we understand how to approach the noalert
case. :)
if (cd->or_list_size == 0) { | ||
jb_append_string(js, VarNameStoreSetupLookup(cd->idx, VAR_TYPE_FLOW_BIT)); | ||
} else if (cd->or_list_size > 0) { | ||
jb_set_string(js, "operator", "or"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we're in the array context here, I think this jb_set_string
statement might get lost. I imagine that this has to be done after you close the array. Maybe you could set a bool here indicating if it was an or
operation, and then you use that to add that output?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
got it, I'll try this out. Thanks!
New PR: #10018 |
Task #6309
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6309
Previous PR: #9971
Describe changes:
SV_BRANCH=OISF/suricata-verify#1526