Merged
Conversation
When sliding a region it could start to overlap with the next region. This case wasn't handled, causing validation checks to trigger. This patch adds support for this, where largest region will be expanded to fit both region and both regions will be consolidated into it. Bug: OISF#6066.
During consolidation of regions, buf_offset could get out of sync if the region was grown on the left side. To fix, reset it and let "sbb slide" logic correct it. Bug: OISF#6117.
Slide error may happen if the region we're sliding starts to overlap with the next region. If we can't temporary grow the current region to merge with the next region, keep the regions separate.
Rust 1.70 has introduced some possible issues between LLVM and gcc causing link errors that are fixed by explicitly adding -lntdll. Thanks to extendr/rextendr#285 for the fix.
So far, we store one variable in state to hold whether we want to discard a long line till LF irrespective of direction. This means that a long command to the client followed by a regular command w LF can be considered as one long line which is incorrect. Bug 6054
Currently, there is no way to mark if LF was found and then the line was truncated. It becomes difficult to spot in the callers whether the line was truncated despite LF being found or not. So, label it clearly with a variable.
Set the IPv6 packet proto before parsing the ext headers, similar to decode-ipv4, incase of an ext header parsing error. Otherwise rule decode-events are not triggered for packets encapsulated in IPv6. Bug: OISF#6086.
In case of 'EXCEPTION_POLICY_REJECT', we were applying the same behavior regardless of being in IDS or IPS mode. This meant that (at least) the 'flow.action' was changed to drop when we hit an exception policy in IDS mode. Bug OISF#6109
and not the one from state If a SNMP flow starts with a V2 version transaction, then there is a V3i version transaction, we will now log V3 for the second transaction
The first report didn't have an example rule to go with.
Add Arch AUR information for installation on Arch-based distros.
victorjulien
requested review from
a team,
jasonish and
jufajardini
as code owners
|
NOTE: This PR may contain new authors: |
|
Information: QA ran without warnings. Pipeline 14335 |
This was referenced Jun 9, 2023
Closed
This was referenced Jun 9, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Staging:
SV_BRANCH=pr/1233