Some compiler/platform combinations don't like creating one const from
another as it can't guarantee the other is defined, resulting in the
following compile error:
output-json-tls.c:102:5: error: initializer element is not constant
BASIC_FIELDS |
^~~~~~~~~~~~
Fixes commit 377989df6c
Introduce a common function for mapping names to IDs that performs
bounds checking.
Note: For event IDs in the enum that are larger than a uint8_t, -1
will be returned instead of -4. -4 has special meaning during
signature parsin that means requirements were not met. -4 has no
special handling prior to requirements, or the meaning has been lost.
During EVE TLS setup, a broken check for Ja3 being enabled led to Ja3
being disabled, but only in custom mode. This check is not needed, if
Ja3 is disabled, it won't be available, and won't be logged.
This is required to implement "extended" in terms of "custom" fields.
The profiling arrays are incorrectly sized by the number of thread
modules. Since they contain app-layer protocol data, they should be
sized by ALPROTO_MAX.
Since enabling custom logging will replace the extended logging, thus
possibly leading to certain fields disappearing from the logs, mention
this aspect.
Related to
Bug #7333
This was done following the fact that this setting was historically
named incorrectly. The purpose of the setting was always to define the
ports that will be prioritized and have rule groups associated w them on
priority. Rename all occurences of this to correctly reflect the purpose
of the setting.
To avoid build failures due to rate limiting, cache the netmap checkout.
Explicitly restore and save to avoid the checkout action cleaning the
checkout up before it can be stored in the cache.
Threads are only set to paused upon initialization and never again, we
should only have to wait once, so move the wait before any loop that
was waiting before.
Additionally, if the thread was killed while waiting to be unpaused,
don't enter the loop.
The pattern of checking the pause flag, setting to paused then
waiting to unpause was done enough times to factor out into its own
function. This is also needed by library users who bring their own
packet acquisition threads.
Commit changes are made to avoid possible memory leaks. If the parser
is initialized before configuration file checking, there was no deinit
call before function return. Do check config file existance and type
before YAML parser initialization, so we don't need to deinit parser
before exiting the function.
Bug: #7302
Victor Julien
Jason Ish
Adam Kiripolsky
Nancy Enos
Alice Akaki
Sascha Steinbiss
Juliana Fajardini
Jeff Lucovsky
Philippe Antoine
dependabot[bot]
Shivani Bhardwaj
Zemeteri Kamimizu