Feature #7354: detect: reimplement ip-only as a per group prefilter - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #7354

open

detect: reimplement ip-only as a per group prefilter

Added by Victor Julien about 2 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Currently IP-only rules are processed separately from the "regular" rules, leading to some unexpected behavior around inspection order.

A better approach could be too have them as per sgh prefilter engines. This would then simply make them behave like regular rules. The engine could still run only for the first packet in the flow, or on every packet for flow-less packets.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Victor Julien 18 days ago

Related to Bug #3771: Extreme performance degradation when doing IP-only rules with flow-keyword added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #7354

detect: reimplement ip-only as a per group prefilter

Updated by Victor Julien 18 days ago