Detect origin keyword 6794 v2 #11770
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add option of role to live device configuration. Possible roles are : trusted, untrusted, and unknown. Configurable via suricata.yaml. AF-Packet and DPDK runmodes supported, others default to unknown role.
Allows for matching against packets based on the role of the live device. The origin of a packet refers to the role of the live device where the flow originated from.
Adds the copy device to the live device structure. Valid only in IPS mode.
Allows for matching against packets based on the role of the copy live device. For IPS only. The destination of a packet refers to the role of the copy live device.
scottfgjordan
requested review from
jufajardini,
victorjulien and
a team
as code owners
3 tasks
|
NOTE: This PR may contain new authors. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #11770 +/- ##
==========================================
- Coverage 82.62% 82.54% -0.08%
==========================================
Files 919 921 +2
Lines 248979 249432 +453
==========================================
+ Hits 205722 205903 +181
- Misses 43257 43529 +272
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Whoops, commit author got a bit messed up (they are my github username instead of my name). I will rebase and amend in the next version of PR. For the fuzzer failures, from what I can tell they're unrelated to the changes in the PR? |
Indeed, they are fixed in current master, you can rebase |
|
Replaced with: #11787 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make sure these boxes are checked accordingly before submitting your Pull Request -- thank you.
Contribution style:
https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
Our Contribution agreements:
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
Changes (if applicable):
https://redmine.openinfosecfoundation.org/projects/suricata/issues
Link to ticket: https://redmine.openinfosecfoundation.org/issues/6794
Describe changes:
Provide values to any of the below to override the defaults.