Project

General

Profile

Actions
Copy link

Feature #7711

open

tracking: detect: add detection hooks to inspect/drop before stateful components

Added by Victor Julien 22 days ago. Updated 18 days ago.

Status:
In Review
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-rc1
Effort:
Difficulty:
Label:

Description

Currently the packet pipeline is roughly:

capture -> decode -> flow update -> stream -> app-layer -> detect -> output.

This leads to packets only getting dropped by a rule policy after they have first updated the state of the flow, stream, app-layer of a flow.

Subtasks 2 (2 open0 closed)

Feature #7712: detect: add pre_stream rule hookIn ReviewVictor JulienActions
Feature #7714: detect: add pre_flow rule hookIn ReviewVictor JulienActions
Actions
Copy link

Also available in: Atom PDF