Simeon Miteff
@VictorNine `ParseSentence` parses one sentence at a time. To read a multi-sentence message, call it on each sentence, checking both for errors and whether the first return value is nil....
@bbannier thanks for the work-around!
> May or may not matter. If used with `af_packet` this approach provides load-balancing and multiple workers. With a pcap-over-ip PktSrc you'd need to find other ways for running multiple...
> While on this topic, there's also the related (but different, and more complex) rpcap: > > https://github.com/the-tcpdump-group/libpcap/blob/master/rpcap-protocol.h https://www.winpcap.org/docs/docs_412/html/group__remote.html https://www.extrahop.com/company/blog/2014/lean-and-mean-our-open-source-enhancements-to-rpcap/ My 2c: this seems OK if you deliberately truncate packets...
On Tue, Apr 4, 2023, 19:16 erik4711 ***@***.***> wrote: > Should PCAP-over-TCP include pcapng, or is that another "protocol"? > > My two cents would be to only do PCAP...
Hi @regit I might be doing something wrong but I tried this and profiling still doesn't work (see https://redmine.openinfosecfoundation.org/issues/6619#note-8 for more context): I started from Victor's `victor/detect-cleanups/v14` branch and then...
Hi @regit, I fully admit that I may be holding it wrong and this is not the right way to debug. Here is a self-contained reproducer (place in `Dockerfile` and...
@regit thanks for the clue. I added a content match signature and profiling info appeared. I won't complain too loudly, as I imagine most consumers of profiling output are intimate with...
@regit thanks for your help, removing `--enable-profiling` and keeping `--enable-profiling-rules` fixed it for me.
@awelzel I have no use case for holes 😁 I was writing a btest for https://github.com/corelight/go-zeek-broker-ws and wanted to exercise every type the broker JSON encoding supports, but couldn't figure...