Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: showcase flow.action lack of update - v3 #2007

Closed
wants to merge 1 commit into from
Closed

tests: showcase flow.action lack of update - v3 #2007

wants to merge 1 commit into from

Conversation

jufajardini
Copy link
Contributor

It seems that in certain cases as seen in this test, flow.action isn't updated, even if, say, all packets from the flow are dropped.

Maybe this is due to the rule not being applied directly to the flow, but to each packet individually. But considering we are using a flow keyword, it seems that the engine should pass over the drop action to flow.action, at least in the flow event.

Bug #6976

Previous PR: #1987

Updates:

  • rebase
  • keep checks for version 8, for now - once bug is fixed and we merge these tests, then we can update them, if we backport the fix.

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6976

@jufajardini
tests: showcase flow.action lack of update
8893121 
It seems that in certain cases as seen in this test, flow.action isn't
updated, even if, say, all packets from the flow are dropped.

Maybe this is due to the rule not being applied directly to the flow,
but to each packet individually. But considering we are using a flow
keyword, it seems that the engine should pass over the drop action to
flow.action, at least in the flow event.

Bug #6976
@jufajardini jufajardini mentioned this pull request Aug 13, 2024
Closed
@catenacyber
Copy link
Collaborator

Should we deprecate the master-6 builders now that Suricata 6 is EOL ?

@jufajardini
Copy link
Contributor Author

Should we deprecate the master-6 builders now that Suricata 6 is EOL ?

Good question. Considering we don't have builders for the others, I'm guessing that makes sense... 🤔

@catenacyber catenacyber added the requires suricata fix This PR requires an issue in Suricata to be fixed first label Aug 27, 2024
@jufajardini jufajardini mentioned this pull request Sep 20, 2024
Open
@jufajardini
Copy link
Contributor Author

suricata 6 checks removed with: #2052

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
requires suricata fix This PR requires an issue in Suricata to be fixed first
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jufajardini @catenacyber