Project

General

Profile

Actions
Copy link

Feature #5665

closed

rules: bidirectional transaction matching

Added by Philippe Antoine over 2 years ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

As a HTTP1 rule with uri and response code

Subtasks 1 (0 open1 closed)

Feature #2280: http: rules that match both request and responseClosedPhilippe AntoineActions

Related issues 7 (5 open2 closed)

Related to Suricata - Task #5488: Suricon 2022 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #4321: http2: Support link between packets in the same stream ClosedPhilippe AntoineActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #5664: "Scope" bits should have an expirationAssignedShivani BhardwajActions
Related to Suricata - Bug #7357: filestore keyword option seems not to workIn ProgressEric LeblondActions
Related to Suricata - Bug #7665: transaction rules: support filesizeClosedPhilippe AntoineActions
Blocks Suricata - Story #7124: rules: improve rule languageNewVictor JulienActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 2 years ago

  • Related to Task #5488: Suricon 2022 brainstorm added
Actions
Copy link
 #2

Updated by Victor Julien over 2 years ago

  • Related to Feature #2280: http: rules that match both request and response added
Actions
Copy link
 #3

Updated by Victor Julien over 2 years ago

  • Subject changed from Bidirectional transaction matching to rules: bidirectional transaction matching
Actions
Copy link
 #4

Updated by Philippe Antoine over 1 year ago

  • Related to Feature #4321: http2: Support link between packets in the same stream added
Actions
Copy link
 #5

Updated by Philippe Antoine over 1 year ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #6

Updated by Philippe Antoine over 1 year ago

  • Related to Feature #5664: "Scope" bits should have an expiration added
Actions
Copy link
 #7

Updated by Philippe Antoine over 1 year ago

Difficulty is file.data buffer is streamed and not retained.

Most keywords like http.uri should be easier...

Actions
Copy link
 #8

Updated by Philippe Antoine over 1 year ago

  • Assignee changed from OISF Dev to Philippe Antoine

Trying thinking about it

Actions
Copy link
 #9

Updated by Philippe Antoine over 1 year ago

  • Status changed from New to In Progress
Actions
Copy link
 #10

Updated by Philippe Antoine over 1 year ago

  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link
 #11

Updated by Philippe Antoine over 1 year ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #12

Updated by Philippe Antoine over 1 year ago

  • Status changed from In Review to In Progress

Today's status : https://github.com/OISF/suricata/pull/10252
Try to lift off the limitations

Actions
Copy link
 #13

Updated by Philippe Antoine over 1 year ago

  • Status changed from In Progress to In Review

https://github.com/OISF/suricata/pull/10506

POC is good enough...
Rounds of reviews to expect...
And the feature for delaying prefiltering on the toclient direction... may come with this ticket or a next one...

Actions
Copy link
 #14

Updated by Victor Julien 11 months ago

  • Blocks Story #7124: rules: improve rule language added
Actions
Copy link
 #15

Updated by Victor Julien 11 months ago

  • Subtask #2280 added
Actions
Copy link
 #16

Updated by Philippe Antoine 4 months ago

  • Related to Bug #7357: filestore keyword option seems not to work added
Actions
Copy link
 #17

Updated by Philippe Antoine 2 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #18

Updated by Philippe Antoine 2 months ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #19

Updated by Philippe Antoine about 1 month ago

  • Related to Bug #7665: transaction rules: support filesize added
Actions
Copy link

Also available in: Atom PDF