It generates a `compile_commands.json` suitable for clangd.
This is almost mandatory to have a command like this one for NixOs
users as tool like bear are not able to intercept correctly the
clang calls due to the usage of a wrapper.
Ticket: #7669
By adding a `shell.nix` file in the root directory of the source,
NixOs (https://nixos.org/) users can get a ready for development
environment by simply running `nix-shell` from the source tree.
This is really convenient as the installation of needed packages
is just done as user and transparently for the user/developer.
Ticket: #7669
Track per flow thread id for UDP and other non-TCP protocols. This
improves the timeout handling as the per thread timestamp is used in
offline mode.
Fixes: ada2bfe009 ("flow/worker: improve flow timeout time accuracy")
Fixes: ef396f7509 ("flow/manager: in offline mode, use owning threads time")
Bug #7687.
Ticket: 7665
Instead of each keyword calling DetectSetupDirection, use a
new flag SIGMATCH_SUPPORT_DIR so that DetectSetupDirection gets
called, before parsing the rest of the keyword.
Allows to support filesize keyword in transactional signatures
src/util-debug.c:1562:5: warning: Either the condition 'sc_lid!=NULL' is redundant or there is possible null pointer dereference: sc_lid. [nullPointerRedundantCheck]
sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
^
src/util-debug.c:1569:16: note: Assuming that condition 'sc_lid!=NULL' is not redundant
if (sc_lid != NULL)
^
src/util-debug.c:1562:5: note: Null pointer dereference
sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
^
For "stateful rules", don't drop packets after the initial match as long
as the tx state doesn't change.
An example of how this could happen was:
accept:hook ssh:request_started any any -> any any (alert; sid:2000;)
accept:hook ssh:request_banner_wait_eol any any -> any any (alert; sid:2001;)
accept:hook ssh:request_banner_done any any -> any any ( \
ssh.software; content:"OpenSSH_8.2p1"; alert; sid:2002;)
As the ssh session reached the request_banner_done state, it would
remain in this state. So additional packets would again review the rules
for this state. The rule 2002 is stored in the tx state as fully
matched, and would be skipped for the additional packets. This meant
that the `accept:hook` action was not applied and the default drop
policy was triggered.
This is addressed by updating the stateful logic:
If an accept rule has the DE_STATE_FLAG_FULL_INSPECT flag set, and the
tx progress is not progressed beyond the rule, apply the rule accept
acction.
Eric Leblond
Jason Ish
Victor Julien
Jeff Lucovsky
Philippe Antoine
dependabot[bot]