Jan 06 2026 dev (#387)

* sync code * update code to support brotli * update code to support brotli * update code to support brotli * sync code * fix findBrotli * sync code * sync code * sync code * sync code --------- Co-authored-by: Ned Wright <nedwright@proton.me> Co-authored-by: Daniel Eisenberg <danielei@checkpoint.com>
2026-01-17 16:00:26 +03:00 · 2026-01-13 17:17:52 +02:00
parent c1058db57d
commit e7b6e51b31
216 changed files with 12601 additions and 2825 deletions
--- a/components/security_apps/ips/include/ips_signatures.h
+++ b/components/security_apps/ips/include/ips_signatures.h
@@ -21,13 +21,13 @@
 #include <vector>

 #include "config.h"
+#include "i_generic_rulebase.h"
 #include "i_first_tier_agg.h"
 #include "ips_entry.h"
 #include "ips_enums.h"
 #include "log_generator.h"
 #include "parsed_context.h"
 #include "pm_hook.h"
-#include "i_generic_rulebase.h"

 #define DEFAULT_IPS_YIELD_COUNT 500

@@ -402,6 +402,7 @@ public:

    LogTriggerConf getTrigger() const;

+
    std::set<ParameterBehavior>
    getBehavior(const std::unordered_map<std::string, std::set<std::string>> &exceptions_dict) const;

@@ -410,10 +411,21 @@ private:
    /// \param ips_state The IPS entry.
    ActionResults getAction(const IPSEntry &ips_state) const;

+    void sendLog(
+        const Buffer &context_buffer,
+        const IPSEntry &ips_state,
+        const std::tuple<
+            IPSSignatureSubTypes::SignatureAction,
+            std::string, std::vector<std::string>
+        > &override_action,
+        bool is_prevent
+    ) const;
+
    std::shared_ptr<CompleteSignature> signature;
    SignatureAction action;
    std::string trigger_id;
    std::string exception_id;
+    mutable bool bSupressLog = false;
 };
 } // namespace IPSSignatureSubTypes