Project

General

Profile

Actions
Copy link

Feature #4099

open

app-layer: allow direct rule keyword registration

Added by Victor Julien about 4 years ago. Updated 12 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Related issues 3 (2 open1 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstormAssignedVictor JulienActions
Related to Suricata - Optimization #3304: generic way to register buffers for logging and detectionNewOISF DevActions
Related to Suricata - Task #4683: detect: remove sigmatch_table in favor of a dynamic storage optionClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Victor Julien about 4 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien over 3 years ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Actions
Copy link
 #3

Updated by Philippe Antoine about 1 year ago

I do not understand what is expected here... Can you add more details ?

Actions
Copy link
 #4

Updated by Victor Julien 7 months ago

  • Related to Optimization #3304: generic way to register buffers for logging and detection added
Actions
Copy link
 #5

Updated by Victor Julien 7 months ago

  • Related to Task #4683: detect: remove sigmatch_table in favor of a dynamic storage option added
Actions
Copy link
 #6

Updated by Victor Julien 12 days ago

I think it is about what you made possible here https://github.com/OISF/suricata/pull/11291/commits/0726feff8c9caa317c60fbb211a400fe297971af, but then with the last step of not having to call this registration function from SigTableSetup but from the app-layer parsers registration logic. Perhaps this is already possible? Seems virtually the same as "detect plugins".

Actions
Copy link
 #7

Updated by Victor Julien 12 days ago

  • Subject changed from allow rule keyword registration from app-layer to app-layer: allow direct rule keyword registration
Actions
Copy link

Also available in: Atom PDF