Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/222/20231211/v1 #10028

Merged
merged 5 commits into from
Dec 11, 2023
Merged

next/222/20231211/v1 #10028

merged 5 commits into from
Dec 11, 2023

Conversation

victorjulien
Copy link
Member

@inashivb @victorjulien
doc: clarify IP-only with iprep
b9540df
@inashivb @victorjulien
detect: rename SigAddressPrepare fns to SigPrepare
bd41b31 
There is nothing Address specific going on in the preparations.
Stage 1: Preprocessing happens. Sigs classified as IP Only, Masks
applied, content specific limits applied, etc and sig array built.
Stage 2: Sigs grouped by IPOnly, ports and protocols.
Stage 3: Decoder Events SGH built.
Stage 4: File flags set, sig grouping done per prefilter, etc.
@inashivb @victorjulien
detect-engine: use bool return type
47c9a14
@inashivb @victorjulien
detect-engine: use flag SIG_FLAG_MPM_NEG
3485880 
The flag SIG_FLAG_MPM_NEG is set before whitelisting the rules. Make it
better by checking for the flag in the beginning and return immediately.
@inashivb @victorjulien
detect/flowbits: remove DETECT_FLOWBITS_CMD_NOALERT
75471dd 
DETECT_FLOWBITS_CMD_NOALERT is misleading as it gives an impression that
noalert is a flowbit specific command that'll be used and dealt with at
some point but as soon as noalert is found in the rule lang, signature
flag for noalert is set and control is returned. It never gets added to
cmd of the flowbits object.
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 17005

@victorjulien victorjulien merged commit 75471dd into OISF:master Dec 11, 2023
43 checks passed
This was referenced Dec 11, 2023
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/222/20231211/v1 branch December 11, 2023 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@victorjulien @suricata-qa @jasonish @inashivb