Feature #8514: firewall: analyzer: complete rule table coverage - Suricata - Open Information Security Foundation

Actions

Feature #8514

open

JF VJ

Story #7583: 9.0.0: usecase: improve firewall usecase

firewall: analyzer: complete rule table coverage

Feature #8514: firewall: analyzer: complete rule table coverage

Added by Juliana Fajardini Reichow about 1 month ago. Updated 26 days ago.

Status:

Resolved

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

For the FirewallAnalyzer report, we use AppLayerParserGetStateNameById to get the app-layer proto state, but if a parser doesn't have that, we don't return anything and thus don't get a rule table report, it seems. I suspect this may be just an UDP issue.

Saw this happening for DNS but imagine it can be the same for similar protos.

Subtasks 1 (1 open — 0 closed)

JF Updated by Juliana Fajardini Reichow about 1 month ago Actions
Copy link
#1

Description updated (diff)

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#2

Status changed from New to Assigned
Assignee set to Juliana Fajardini Reichow
Priority changed from Normal to High
Label Needs backport to 8.0 added

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#3

Subtask #8519 added

OT Updated by OISF Ticketbot about 1 month ago Actions
Copy link
#4

Label deleted (~~Needs backport to 8.0~~)

VJ Updated by Victor Julien about 1 month ago Actions
Copy link
#5

Status changed from Assigned to In Progress
Assignee changed from Juliana Fajardini Reichow to Victor Julien

VJ Updated by Victor Julien 26 days ago Actions
Copy link
#6

Status changed from In Progress to Resolved

https://github.com/OISF/suricata/pull/15398

Actions

Also available in: PDF Atom