rfb: add test case for logging of partial txs - v2 #1279
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ticket
Changes w.r.t. previous PR:
The tx involves an Apple macOS desktop sharing server, which uses a non-RFC authentication type we do not implement. This raises an "unimplemented_security_type" event and -- in the Suricata master before OISF/suricata#9106, would cause the transaction not to be logged at all, not even the version strings, which have been parsed successfully.
After the Suricata change, a partial event with the data available so far would be logged (i.e. version strings for server and client and the unsupported security type number).
Previous PR: #1274
If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:
OISF/suricata#9114