Project

General

Profile

Actions

Feature #5972

closed

Feature #5489: research: multi version rules; or version dependent rules

rules: "requires" keyword representing the minimum version of suricata to support the rule

Added by Brandon Murphy over 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

reference: https://redmine.openinfosecfoundation.org/issues/4067#note-35

The concept here is that a rule can have a keyword which contains an option used to indicate the minimum version of Suricata required to support the rule's logic. This feature will allow rule writers to indicate that a rule requires a specific version due to either features, bug fixes, etc. and would allow the rule to be published within an existing ruleset but only loaded by engines which are supported.

Ideally, the engine will self detect the engine's version, and when loading a rule which requires a newer version, will throw a warning and not load the rule (not an error)

This feedback to users is valuable and can help to increase adoption of newer versions of Suricata.


Subtasks 2 (0 open2 closed)

Feature #6524: rules: "requires" keyword representing the minimum version of suricata to support the rule (7.0.x backport)ClosedJason IshActions
Feature #6637: requires: add skipped rules to statsClosedJason IshActions

Related issues 3 (1 open2 closed)

Related to Suricata - Task #4067: http2: overload existing http keywords to support http/2ClosedPhilippe AntoineActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Bug #6656: detect/requires: assertion failed !(ret == -4)ClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF