Feature #8514: firewall: analyzer: complete rule table coverage - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8514

open

JF JF

Story #7583: 9.0.0: usecase: improve firewall usecase

firewall: analyzer: complete rule table coverage

Feature #8514: firewall: analyzer: complete rule table coverage

Added by Juliana Fajardini Reichow 4 days ago. Updated 3 days ago.

Status:

Assigned

Priority:

Normal

Assignee:

Juliana Fajardini Reichow

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

For the FirewallAnalyzer report, we use AppLayerParserGetStateNameById to get the app-layer proto state, but if a parser doesn't have that, we don't return anything and thus don't get a rule table report, it seems. I suspect this may be just an UDP issue.

Saw this happening for DNS but imagine it can be the same for similar protos.

Subtasks 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8514

firewall: analyzer: complete rule table coverage

JF Updated by Juliana Fajardini Reichow 4 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 3 days ago Actions
Copy link
#2

OT Updated by OISF Ticketbot 3 days ago Actions
Copy link
#3

OT Updated by OISF Ticketbot 3 days ago Actions
Copy link
#4

Project

General

Profile

Suricata

Custom queries

Feature #8514

firewall: analyzer: complete rule table coverage

JF Updated by Juliana Fajardini Reichow 4 days ago ActionsCopy link #1

VJ Updated by Victor Julien 3 days ago ActionsCopy link #2

OT Updated by OISF Ticketbot 3 days ago ActionsCopy link #3

OT Updated by OISF Ticketbot 3 days ago ActionsCopy link #4

JF Updated by Juliana Fajardini Reichow 4 days ago Actions
Copy link
#1

VJ Updated by Victor Julien 3 days ago Actions
Copy link
#2

OT Updated by OISF Ticketbot 3 days ago Actions
Copy link
#3

OT Updated by OISF Ticketbot 3 days ago Actions
Copy link
#4