Project

General

Profile

Actions
Copy link

Feature #7354

open

detect: reimplement ip-only as a per group prefilter

Added by Victor Julien about 1 year ago. Updated 13 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

Currently IP-only rules are processed separately from the "regular" rules, leading to some unexpected behavior around inspection order.

A better approach could be too have them as per sgh prefilter engines. This would then simply make them behave like regular rules. The engine could still run only for the first packet in the flow, or on every packet for flow-less packets.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #3771: Extreme performance degradation when doing IP-only rules with flow-keywordNewOISF DevActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 year ago

  • Related to Bug #3771: Extreme performance degradation when doing IP-only rules with flow-keyword added
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 13 days ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Shivani Bhardwaj
  • Target version changed from TBD to 9.0.0-beta1

Taking this up as I'm starting to look into related issues.

Actions
Copy link

Also available in: Atom PDF