Conversation
For TCP, app_update_direction is set by AppLayerHandleTCPData Need to move up the call to AppLayerParserSetTransactionInspectId so that it is only run after DetectRunTx is run Ticket: 6299
expecially sets transactions to complete when we get a response without having seen the request. Ticket: OISF#6299
|
WARNING:
Pipeline 17370 |
|
"mqtt: review logic for setting event" <- weird subject. Subject should describe code change. |
| @@ -152,13 +152,24 @@ static void DetectRun(ThreadVars *th_v, | |||
| DetectRunFrames(th_v, de_ctx, det_ctx, p, pflow, &scratch); | |||
There was a problem hiding this comment.
commit message is very unclear, not understanding what we're doing and why
| } | ||
| } | ||
| do_sort = (array_idx > x); // sort if match added anything | ||
| uint32_t k = array_idx; |
There was a problem hiding this comment.
can you move this into a static inline helper func? Code is getting too large here
| @@ -1378,21 +1378,50 @@ static void DetectRunTx(ThreadVars *tv, | |||
|
|
|||
There was a problem hiding this comment.
commit message should explain why & how
| @@ -1226,7 +1226,7 @@ static bool DetectRunTxInspectRule(ThreadVars *tv, | |||
| } else if ((inspect_flags & DE_STATE_FLAG_FULL_INSPECT) == 0 && mpm_in_progress) { | |||
| TRACE_SID_TXS(s->id, tx, "no need to store no-match sig, " | |||
| "mpm will revisit it"); | |||
There was a problem hiding this comment.
commit message not explaining why/how and problem this solves
victorjulien
left a comment
victorjulien
left a comment
There was a problem hiding this comment.
Need a lot better commit messages, these don't explain much
Improving all of them, even if GitHub does not show which comment you put for which commit ;-) |
|
Continued in #10145 |
3 participants
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6299
Describe changes:
#9638 rebased
ping @victorjulien ;-)