Suricata version:7.0.2
Operating system and/or Linux distribution:centos7
I played back the http packets with “suricata - r” and found that some of the logs were missing mac addresses.
I found during debugging that the code entered this section.Does anyone know what conditions will cause x not to be NULL?
pcap:http.pcap (2.7 KB)