Project

General

Profile

7.0.0-beta1

locked

10/25/2022

100%

476 issues   (476 closed — 0 open)

Issues by
Bug

284/284
Feature

57/57
Optimization

44/44
Task

64/64
Documentation

14/14
Security

13/13
Related issues
Bug #2190: apparent 1000 character limit in threshold.conf IP lists Actions
Bug #2510: Suricata doesnt decompress HTTP Post body Actions
Bug #2802: iprep: use_cnt can get desynchronized (SIGABRT) Actions
Bug #2809: Applayer Mismatch protocol both directions for kerberos AS-REQ/KDC_ERR_PREAUTH_REQUIRED exchange Actions
Bug #3109: dcerpc engine not generating alerts Actions
Bug #3419: af-packet: cluster_id is not used when trying to set fanout support Actions
Bug #3475: SMB evasion against EICAR file detection Actions
Bug #3542: FTP: expectation created in wrong direction. Actions
Bug #3685: Incorrect logging level for messages Actions
Bug #3703: fileinfo "stored: false" even if the file is kept on disk Actions
Bug #3846: Infinite loop if the sniffing interface temporarily goes down Actions
Bug #3995: SIGABRT stream-tcp-reassemble Actions
Bug #3996: SIGABRT: SMTPTransactionComplete Actions
Bug #4080: DCERPCUDPState handle fragmented data functions pegging certain CPU cores/threads Actions
Bug #4096: flow manager: 200% CPU in KVM host with no activity with Suricata 6 Actions
Bug #4106: Duplicate TLS subjects in tls metadata. Actions
Bug #4152: fatal error: 'gnu/stubs-32.h' file not found Actions
Bug #4171: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL Actions
Bug #4187: rs_dcerpc_udp_get_tx takes out unusual amount of CPU Actions
Bug #4198: dcerpc: no alert triggered with dce opnum in 6.0 Actions
Bug #4199: Transformation keyword can’t trigger an alert Actions
Bug #4202: Wrong stream side after direction change Actions
Bug #4205: eve: Memory leak from jsonbuilder in @MetadataJson@ Actions
Bug #4206: dns: output flags not set correctly on 32 bit systems Actions
Bug #4208: Suricata crashes with multi-threaded eve logger and HTTP/2 traffic Actions
Bug #4210: Alert not generated with 2 rules - http.request body (alone) and http.request_body/url_decode Actions
Bug #4211: Not all manpages are built by docs Makefile Actions
Bug #4216: 5.0.5 in socket mode crashes when using file-store due to uninitialized stats_ctx Actions
Bug #4224: modbus: Request flood leads to CPU exhaustion Actions
Bug #4225: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode Actions
Bug #4228: tcp/async: incorrect flagging of ACK values as invalid Actions
Bug #4231: ICMPv6 failed assert p->icmpv6h == NULL with icmpv6.hdr Actions
Bug #4232: Protocol detection evasion enip-SMB Actions
Bug #4233: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL Actions
Bug #4238: tcp/fastopen: false positive on "invalid option" Actions
Bug #4239: dataset file not written when run as user Actions
Bug #4245: SMTP/Email Body md5: Only logs the md5 of the first part in a multi-part mime message Actions
Bug #4246: Assertion failed in AdjustToAcked delta > 10000000ULL && delta > stream->window Actions
Bug #4247: detect: NOOPT flag not enforced correctly Actions
Bug #4253: lua: flowint/flowvar API naming consistency Actions
Bug #4254: Leak in signature parsing with urilen Actions
Bug #4258: ftp-data: support for file.name keyword is incomplete Actions
Bug #4261: Mismatch between capture and outputs in rules leads to seg fault Actions
Bug #4262: ebpf: llc detection failure Actions
Bug #4267: output: don't use /etc/protocols Actions
Bug #4271: datasets: reference counter issue in string lookup Actions
Bug #4272: Timeout in libhtp with lzma in gzip to be decompressed in many responses Actions
Bug #4273: protodetect: SEGV due to NULL ptr deref Actions
Bug #4274: Suricata crashes at exit in NFQ mode Actions
Bug #4275: Datasets writing limits on exit Actions
Bug #4277: SIGABRT: rust panic HTTP2State Actions
Bug #4280: Suricata is not fully reading or loading the iprep files Actions
Bug #4320: Heap use after free in parsing signatures with ip_proto and prefilter Actions
Bug #4331: libhtp: don't put stream in error state on compression issues Actions
Bug #4335: Stack-buffer-overflow READ 4 in SetupU8Hash Actions
Bug #4348: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function Actions
Bug #4361: detect: file.data performance regression Actions
Bug #4369: Configuration test mode succeeds when threshold.config file contains invalid content Actions
Bug #4375: segv in ApplyToU8Hash Actions
Bug #4376: TCP flow that retransmits the SYN with a newer TSval not properly tracked Actions
Bug #4379: flow manager: using too much CPU during idle Actions
Bug #4387: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient Actions
Bug #4388: Protocol detection evasion enip-dns Actions
Bug #4389: Protocol detection tls-dcerpc Actions
Bug #4394: detect: "drop" on protocol detect only rule doesn't drop flow Actions
Bug #4395: Incorrect AppLayerResult::incomplete for RDP Actions
Bug #4397: eve.drop: alerts option logs lowest priority alert Actions
Bug #4400: Panic in Rust HTTP2 dynamic headers table eviction Actions
Bug #4401: Quadratic complexity in libhtp chunk parsing Actions
Bug #4403: Use after free or read overflow or use of unitized memory in TransformStripWhitespace called by HttpServerBodyXformsGetDataCallback Actions
Bug #4404: eve/mqtt: mqtt logging crashes when eve is multithreaded Actions
Bug #4407: threshold: slow startup on threshold.config with many addresses in suppression Actions
Bug #4424: ftp: Memory leak with duplicate FTP expectation Actions
Bug #4425: threaded eve: files not closed on deinitialization Actions
Bug #4428: Rust panic in suricata::dcerpc::detect::handle_input_data (buffer overread) Actions
Bug #4433: Debug assert failed in ikev1 logger Actions
Bug #4434: Duplicate alert record in eve log when using unix-socket mode Actions
Bug #4436: Buffer overread in SMTP SMTPParseCommandBDAT Actions
Bug #4437: dns: high resource usage on long lived dns connections Actions
Bug #4438: Null-dereference in HTTP2MimicHttp1Request in midstream Actions
Bug #4439: eve: log alert direction Actions
Bug #4440: eve: log if flow had gap Actions
Bug #4442: build: Build failure on FreeBSD Actions
Bug #4447: ipv6 & ftp & passive mode & error Actions
Bug #4448: Properly set the ICMP emergency-bypassed value Actions
Bug #4472: YAML -- interpretation of "~" (tilde) Actions
Bug #4473: Timeout in ftp parsing rs_ftp_active_eprt Actions
Bug #4476: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti Actions
Bug #4477: Infinite loops in when using InspectionBufferMultipleForList Actions
Bug #4478: freebsd: lockups due to mutex handling issues Actions
Bug #4491: rules: rules w/o sid accepted, leading to alerts with signature_id: 0 Actions
Bug #4494: Failed assertion in HTTP2 decompression Actions
Bug #4495: output: threaded output coverity warning Actions
Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped Actions
Bug #4503: Buffer overflow in "by_rule" threshold context Actions
Bug #4505: Rust panic while parsing (new rust) modbus rule Actions
Bug #4508: SSH bypass is not working Actions
Bug #4509: Incorrect flags in Rust Actions
Bug #4516: Integer overflows Actions
Bug #4523: Application log cannot to be re-opened when running as non-root user Actions
Bug #4525: segv with --set cmdline option if incorrect key is provided Actions
Bug #4527: Fix implicit conversions in traffic facing source code modules Actions
Bug #4528: Fix implicit conversions in detection modules Actions
Bug #4530: DOS Quadratic complexity when having too many transactions Actions
Bug #4533: Rust modbus parser does not handle gaps as it claims Actions
Bug #4534: Timeout in ikev2 parsing Actions
Bug #4536: SWF decompression overread Actions
Bug #4537: alert count shows up as 0 when stats are disabled Actions
Bug #4540: unused variables warnings on Windows compiles with rust Actions
Bug #4549: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned Actions
Bug #4558: DNP3: intra structure overflow in DNP3DecodeObjectG70V6 Actions
Bug #4560: Quadratic complexity in HTTP2 gzip decompression Actions
Bug #4561: Failed assertion in SMTP SMTPTransactionComplete Actions
Bug #4562: Memory leak in Protocol change during protocol detection Actions
Bug #4563: Rules based on SSH banner-related keywords only match on acked data Actions
Bug #4570: eve/flow: many flows logged with reason==unknown Actions
Bug #4577: coverity: minor warnings Actions
Bug #4581: Excessive qsort/msort time when large number of rules using tls.fingerprint Actions
Bug #4582: BUG_ON triggered from TmThreadsInjectFlowById Actions
Bug #4586: segmentfault when reopen redis Actions
Bug #4619: HTTP2 null dereference in upgrade Actions
Bug #4620: Protocol detection : confusion with SMB in midstream Actions
Bug #4621: rust panic: when using smb stream-depth Actions
Bug #4622: File deletions over SMB are not always logged Actions
Bug #4650: Stream TCP raw reassembly is leaking Actions
Bug #4654: tcp: insert_data_normal_fail can hit without triggering memcap Actions
Bug #4659: Configuration test mode succeeds when reference.config file contains invalid content Actions
Bug #4663: rules: drop rules with noalert not fully dropping Actions
Bug #4664: ipv6 evasions : fragmentation Actions
Bug #4666: http: ipv6 address is a valid host Actions
Bug #4670: rules: mix of drop and pass rules issues Actions
Bug #4679: IPv6 : decoder event on invalid fragment length Actions
Bug #4680: nfs: failed assert self.tx_data.files_logged > 1 Actions
Bug #4681: Wrong list_id with transforms for http_client_body and http file_data Actions
Bug #4685: detect: too many prefilter engines lead to FNs Actions
Bug #4692: lua: file info callback returns wrong value Actions
Bug #4699: coverity warnings after output changes Actions
Bug #4719: http2: byte-range test fails intermittently Actions
Bug #4720: pcre2: ASAN heap-buffer-overflow Actions
Bug #4722: flows: TCP flow timeout handling stuck if there is no traffic Actions
Bug #4724: pcre2: scan-build warning Actions
Bug #4731: flows: spare pool not freeing flows aggressively enough Actions
Bug #4737: ubsan: bytejump warning Actions
Bug #4739: Absent app-layer protocol is always enabled by default Actions
Bug #4741: Quadratic complexity in modus due to missing tx_iterator Actions
Bug #4752: Memory leak in SNMP with DetectEngineState Actions
Bug #4754: Invalid range leads to OOM Actions
Bug #4757: Incomplete range with overlap, and expected new bytes, lead to incomplete reassembly Actions
Bug #4764: range: no validity check with HTTP2 leads to over allocation Actions
Bug #4765: loopback: different AF_INET6 values per OS Actions
Bug #4766: Flow leaked when flow->use_cnt access race happens Actions
Bug #4767: Rule error in SMB dce_iface and dce_opnum keywords Actions
Bug #4769: dcerpc dce_iface just match a packet Actions
Bug #4771: pcrexform: does not capture substring but whole match Actions
Bug #4778: flow/bypass: app-layer/stream resources not freed when bypass activated Actions
Bug #4779: flow/bypass: flow worker not performing flow timeout "housekeeping" Actions
Bug #4785: af-packet: threads sometimes get stuck in capture Actions
Bug #4800: af-packet: flag colision between kernel and Suricata Actions
Bug #4801: af-packet: tpacket v3 socket reference handling broken Actions
Bug #4803: af-packet: up/down logic leaks resources in autofp (tpacket v2) Actions
Bug #4804: af-packet: tpacket v3 if/down logic broken Actions
Bug #4807: packetpool: packets in pool may have capture method ReleasePacket callbacks set Actions
Bug #4808: flow: worker-evicted flows need to be processed quicker Actions
Bug #4810: pppoe decoder fails when protocol identity field is only 1 byte Actions
Bug #4811: Range: memory leak from HTTP2 Actions
Bug #4812: conf: quadratic complexity Actions
Bug #4817: smtp: smtp transaction not logged if no email is present Actions
Bug #4828: flow: flows not evicted & freed in time Actions
Bug #4836: profiling: Invalid performance counter when using sampling Actions
Bug #4839: Memory leak with signature using file_data and NFS Actions
Bug #4842: smb: excessive memory use during file transfer Actions
Bug #4848: TFTP: memory leak due to missing detect state Actions
Bug #4849: protodetect: SMB vs TLS protocol detection in midstream Actions
Bug #4859: dnp3: buffer over read in logging base64 empty objects Actions
Bug #4860: eve.json remove app-layer specific fields from root object Actions
Bug #4862: MQTT : transactions are never cleaned by AppLayerParserTransactionsCleanup Actions
Bug #4877: Run stream reassembly on both directions upon receiving a FIN packet Actions
Bug #4882: Netmap configuration -- need a configuration option for non-standard library locations. Actions
Bug #4920: detect/app-layer-protocol: app-layer-protocol:http broken Actions
Bug #4924: dns: transaction not created when z-bit set Actions
Bug #4935: DPDK: Packet counters set incorrectly Actions
Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit Actions
Bug #4945: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice() Actions
Bug #4947: suricatasc loop if recv returns no data Actions
Bug #4948: SMTP assertion triggered Actions
Bug #4953: stream: too aggressive pruning in lossy streams Actions
Bug #4969: Libhtp timeout lzma reallocing dictionary Actions
Bug #4972: Null deference in ConfigApplyTx Actions
Bug #5007: pgsql: coverity warning Actions
Bug #5009: dpdk: fails to compile on ubuntu 22.04 Actions
Bug #5011: frames: buffer overread in SigValidate Actions
Bug #5016: pgsql: fix possible unsigned integer overflow Actions
Bug #5018: MQTT can return AppLayerResult::incomplete forever and buffer forever Actions
Bug #5019: dataset: error with space in rule language Actions
Bug #5034: dns: probing/parser can return error when it should return incomplete Actions
Bug #5040: stats: add app-layer error counters Actions
Bug #5046: Documentation copyright years are invalid Actions
Bug #5065: frames: coverity warning Actions
Bug #5066: detect/iponly: mixing netblocks can lead to FN/FP Actions
Bug #5070: Stacktrace logger should propagate original signal Actions
Bug #5073: Off-by-one in flow-manager flow_hash row allocation Actions
Bug #5077: byte_math rule options need to be in order or will fail otherwise Actions
Bug #5079: swf: coverity warning Actions
Bug #5080: eve/dnp3: coverity warnings for string handling Actions
Bug #5081: detect/iponly: rule parsing does not always apply netmask correctly Actions
Bug #5084: iprep: cidr support can set up radix incorrectly Actions
Bug #5085: defrag: policy config can setup radix incorrectly Actions
Bug #5086: htp: server personality radix handling issue Actions
Bug #5093: rust/proc-macro-crate: pin to old version to support our MSRV Actions
Bug #5094: output: timestamp missing usecs on Arm 32bit + Musl Actions
Bug #5144: Failed assert DeStateSearchState Actions
Bug #5145: nfs: Integer underflow in NFS Actions
Bug #5146: libhtp: does not handle 100 continue if there is a 0 Content Length Actions
Bug #5147: frames: debug assertion on SMB2 traffic Actions
Bug #5162: inspection of smb traffic without smb/dcerpc doesn't work correct. Actions
Bug #5168: detect/iponly: non-cidr netmask settings can lead incorrect detection Actions
Bug #5174: MIME URL extraction creates invalid url in JSON Actions
Bug #5183: TLS Handshake Fragments not Reassembled Actions
Bug #5188: SSL : over allocation for certificates Actions
Bug #5197: fast_pattern assignment of specific content results in FN Actions
Bug #5200: libbpf: Use of legacy code in eBPF/XDP programs Actions
Bug #5201: content:"22 2 22"; is parsed without error Actions
Bug #5208: DCERPC protocol detection when nested in SMB Actions
Bug #5223: base64_decode does not populate base64_data buffer once hitting non-base64 chars Actions
Bug #5226: Frames: failed assertion !((int64_t)data_len > frame->len) Actions
Bug #5228: pcre2: SEGV during rule loading Actions
Bug #5236: frame: buffer over read in SCACSearch Actions
Bug #5238: frame: memory leak in signature parsing Actions
Bug #5246: smb: integer underflows and overflows Actions
Bug #5248: flow: double unlock in tcp reuse case Actions
Bug #5259: rust: update time dependency Actions
Bug #5260: rust: update regex dependency Actions
Bug #5268: mqtt: integer underflow with truncated Actions
Bug #5276: eve: payload field randomly missing even if the packet field is present Actions
Bug #5278: app-layer: Allow for non slice based transaction containers in generate get iterator (rust) Actions
Bug #5280: nfs: ASSERT: attempt to subtract with overflow (compound) Actions
Bug #5281: ftp: don't let first incomplete segment be over maximum length Actions
Bug #5285: frame: assertion failed in PrefilterMpmFrame Actions
Bug #5291: cppcheck: various static analyzer "warning"s Actions
Bug #5294: mqtt: convert to vecdeque Actions
Bug #5295: rdp: convert transaction list to vecdeque Actions
Bug #5296: http2: convert transaction list to vecdeque Actions
Bug #5297: pgsql: convert transaction list to vecdeque Actions
Bug #5298: template (rust): convert transaction list to vecdeque Actions
Bug #5306: dcerpc: unsigned integer overflow in parse_dcerpc_bindack Actions
Bug #5308: file handling: avoid toctou race conditions Actions
Bug #5309: CIDR prefix calculation fails on big endian archs Actions
Bug #5310: detect: several potential infinite loops by comparing u16 to size_t Actions
Bug #5312: test failure on Ubuntu 22.04 with GCC 12 Actions
Bug #5313: python: distutils deprecation warning Actions
Bug #5314: ftp: quadratic complexity for tx iterator with linked list Actions
Bug #5315: decode/mime: base64 decoding for data with spaces is broken Actions
Bug #5316: smtp: PreProcessCommands does not handle all the edge cases Actions
Bug #5317: flow manager: end of flow counters not working Actions
Bug #5327: track by_rule|by_both incorrectly rejected for global thresholds Actions
Bug #5329: rust: inconsistency between rust structure RustParser and C structure AppLayerParser Actions
Bug #5330: flow: vlan.use-for-tracking is not used for ICMPv4 Actions
Bug #5331: stacktrace-on-signal: Kills all processes in the same process group Actions
Bug #5353: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails Actions
Bug #5361: IPS: ip only rules, but with negated addresses not treated like pure ip-only rules in IPS context Actions
Bug #5368: bypass: Memory leak of some flow bypass objects. Actions
Bug #5377: modbus: probing parser recognizes modbus with unknown function code Actions
Bug #5386: detect/threshold: offline time handling issue Actions
Bug #5390: smb: have default stream-depth of 0 Actions
Bug #5391: events: PACKET_RECYCLE does not reset event_last_logged Actions
Bug #5392: fileinfo: inconsistent file size tracking for GAPs Actions
Bug #5401: tcp: assertion failed in DoInsertSegment (BUG_ON) Actions
Bug #5402: detect: will still inspect packets of a "dropped" flow for non-TCP Actions
Bug #5409: PCRE: use match and recursion limit for pcrexform Actions
Bug #5412: SMB status errors list is incomplete Actions
Bug #5419: Failed assert DeStateSearchState Actions
Bug #5455: ike: logging state transforms instead of transaction transforms Actions
Bug #5457: Counters are not initialized in all places. Actions
Bug #5458: Reject action is no longer working Actions
Bug #5507: DHCP: signature keyword for renewal_time Actions
Bug #5508: SMB2 async responses are not matched with its request Actions
Bug #5518: dcerpc: More efficient transaction handling for UDP Actions
Bug #5521: detect: transform strip whitespace creates a 0-sized variable-length array Actions
Bug #5527: postgresql: limit number of live transactions Actions
Bug #5536: detect: flow.age keyword Actions
Bug #5538: Compiler Warning on Fedora 36 / gcc 12.2.1 Actions
Bug #5581: eve: mac address logging for packet records reverses direction Actions
Bug #5584: detect/tag: timeout handling issues on windows Actions
Bug #5595: eve/alert: SEGV in files to alert logging Actions
Feature #120: Capture full session on alert Actions
Feature #1096: tls: client certificate handling Actions
Feature #1369: eve: json schema Actions
Feature #1478: Active flow counters Actions
Feature #1576: http: byte-range support Actions
Feature #2054: Extracting HTTPS URL´s from SMTP, currently only HTTP is supported Actions
Feature #2096: eve: event_type for MODBUS Actions
Feature #2323: Applayer support for telnet Actions
Feature #2450: lua: scripts access to calling rule informations Actions
Feature #2697: prefilter support for stream_size Actions
Feature #3002: Flow and Netflow Not Logging ESP Traffic Actions
Feature #3285: rules: XOR keyword Actions
Feature #3292: support for network service header (NSH) Actions
Feature #3440: Add GQUIC Protocol Analysis and CYU Fingerprinting Actions
Feature #3512: stream depth event rule Actions
Feature #3701: eve: add tenant_id in eve-log for other types than alert Actions
Feature #3767: Add IKEv1 parser Actions
Feature #3887: yaml: Increase maximum size for address vars Actions
Feature #3957: Convert protocol to Rust: Modbus Actions
Feature #4116: http2: body compression handling Actions
Feature #4117: http2: byte-range support Actions
Feature #4142: file.data: support for NFS Actions
Feature #4144: file.data: support for request side files in HTTP Actions
Feature #4241: Protocol support: PostgreSQL (pgsql) Actions
Feature #4332: Makes libhtp decompression time limit configurable from Suricata Actions
Feature #4386: Support for RFC2231 Actions
Feature #4406: unix socket: Get flow information by flow_id Actions
Feature #4498: decoder: add VN-Tag support Actions
Feature #4507: dpdk: initial support for IDS and IPS modes Actions
Feature #4515: Add DNS logging of Z flag Actions
Feature #4526: SIGSEGV handling -- log stack before aborting Actions
Feature #4541: netmap: new API version (14) supports multi-ring software mode Actions
Feature #4550: pthreads: set minimum stack size Actions
Feature #4551: eve: add direct base64 to json option to json builder Actions
Feature #4556: HTTP2: support deflate decompression Actions
Feature #4872: nfs: add stream app-layer frame support Actions
Feature #4967: QUIC v1 support Actions
Feature #4983: frames: support UDP Actions
Feature #4984: dns: add frames support Actions
Feature #5036: sip: add frames support Actions
Feature #5190: new tls.random keyword Actions
Feature #5191: new keyword for self signed certificates Actions
Feature #5202: eve/drop: include drop "reason" Actions
Feature #5214: ips: allow dropping of flow if stream.memcap is hit Actions
Feature #5215: ips: allow dropping of flow if stream.reassembly.memcap is hit Actions
Feature #5216: ips: allow dropping of flow if flow.memcap is hit Actions
Feature #5218: ips: allow dropping of flow if applayer reaches error state Actions
Feature #5411: Add keywords for user and domain seen in smb Actions
Feature #5413: DCERPC logging is not easy to use in analysis Actions
Feature #5416: SNMP: signature keyword for usm Actions
Feature #5435: DHCP: signature keyword for lease_time Actions
Feature #5442: kerberos: log ticket encryption method Actions
Feature #5468: ips: midstream: add "exception policy" for midstream Actions
Feature #5479: Add landlock support Actions
Feature #5503: ips: add "reject" action to exception policies Actions
Feature #5506: DHCP: signature keyword for rebinding_time Actions
Feature #5509: App-layer event for protocol change failure Actions
Optimization #2405: files: Use FileTruncateAllOpenFiles for every app layer protocol Actions
Optimization #3315: app-layer: unify registration logic Actions
Optimization #3658: Use WARN_UNUSED for ByteExtract* functions Actions
Optimization #3825: Defining only one basic rust Files structure Actions
Optimization #3832: rust: Make core::* as enum to improve readability Actions
Optimization #4066: Add a PASS_IF_NULL macro to the FAIL/PASS API Actions
Optimization #4112: Use generic rust DetectU32Data in every keyword needing this Actions
Optimization #4126: Threaded eve logging for output types other than regular file (socket, plugins, redis etc) Actions
Optimization #4154: Rust Parsers: Abstract AppLayer events to a derive macro Actions
Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@ Actions
Optimization #4319: dcerpc: improve protocol detection Actions
Optimization #4366: decoder: limit number of decoding layers Actions
Optimization #4427: storage api: use dedicated 'id' type Actions
Optimization #4475: Rust: Make default_port in parser registration an Option Actions
Optimization #4496: decode: remove NULL checks after header casts Actions
Optimization #4497: rust: clean up constructors of state, transaction structs Actions
Optimization #4555: HTTP2: what to do when HTTP upgrade is requested and HTTP2 is disabled ? Actions
Optimization #4593: Fix warning about "mixed case hex literals" Actions
Optimization #4595: Fix warning about "comparing with null" Actions
Optimization #4597: Fix warning about "enum's name" Actions
Optimization #4599: Fix warning about "ptr_arg" Actions
Optimization #4604: Fix warning about "branches sharing code" Actions
Optimization #4605: Fix warning about "unnecessary nested match" Actions
Optimization #4609: Fix warning about "if same then else" Actions
Optimization #4613: Fix warning about "large enum variant" Actions
Optimization #4616: Fix warning about "match single binding" Actions
Optimization #4618: Fix warning about "inherent to string" Actions
Optimization #4653: Flow cleaning with chunked approach is memory hungry Actions
Optimization #4711: Clang 14 and rust nightly new warnings Actions
Optimization #4748: app-layer/rust: explore if tx iterator can be implemented as a trait Actions
Optimization #4795: Remove PASS_IF macro from the FAIL/PASS API Actions
Optimization #4805: af-packet: move vlan hdr insert logic to capture/decode Actions
Optimization #4907: smtp: use AppLayerResult instead of buffering wherever possible Actions
Optimization #4943: alerts: use alert queing in DetectEngineThreadCtx Actions
Optimization #4991: pgsql: convert parser to nom7 functions Actions
Optimization #5229: rules: too much time spent in SigMatchListSMBelongsTo at startup Actions
Optimization #5230: rules: too much time spent in DetectUnregisterThreadCtxFuncs due to pcre2 Actions
Optimization #5231: rules: mpm setup more costly than needed Actions
Optimization #5232: rules: pattern id assignment is too slow Actions
Optimization #5400: dpdk: allow specifying of `rss_hf` flags in config Actions
Optimization #5454: http2: slow http2_frames_get_header_value_vec because of allocation Actions
Optimization #5481: tls: support incomplete API to replace internal buffering Actions
Optimization #5577: Fix warning about "comparing with null" in debug code Actions
Optimization #5592: tunnel: spinlock for tunnel packet sync Actions
Task #3194: pcre2 support Actions
Task #3905: GitHub CI: use sccache for commits build Actions
Task #4021: Convert unittests to new FAIL/PASS API - detect-dsize.c Actions
Task #4024: Convert unittests to new FAIL/PASS API: detect-engine.c Actions
Task #4025: Convert unittests to new FAIL/PASS API: detect-engine-event.c Actions
Task #4026: Convert unittests to new FAIL/PASS API: detect-engine-payload.c Actions
Task #4027: Convert unittests to new FAIL/PASS API: detect-engine-proto.c Actions
Task #4028: Convert unittests to new FAIL/PASS API: detect-engine-siggroup.c Actions
Task #4031: Convert unittests to new FAIL/PASS API: detect-fast-pattern.c Actions
Task #4032: Convert unittests to new FAIL/PASS API: detect-file-data.c Actions
Task #4033: Convert unittests to new FAIL/PASS API: detect-fileext.c Actions
Task #4034: Convert unittests to new FAIL/PASS API: detect-filemagic.c Actions
Task #4035: Convert unittests to new FAIL/PASS API: detect-filemd5.c Actions
Task #4036: Convert unittests to new FAIL/PASS API: detect-filename.c Actions
Task #4037: Convert unittests to new FAIL/PASS API: detect-filesha1.c Actions
Task #4038: Convert unittests to new FAIL/PASS API: detect-filesha256.c Actions
Task #4040: Convert unittests to new FAIL/PASS API: detect-fragoffset.c Actions
Task #4041: Convert unittests to new FAIL/PASS API: detect-gid.c Actions
Task #4045: Convert unittests to new FAIL/PASS API: detect-icode.c Actions
Task #4046: Convert unittests to new FAIL/PASS API: detect-id.c Actions
Task #4047: Convert unittests to new FAIL/PASS API: detect-ipopts.c Actions
Task #4048: Convert unittests to new FAIL/PASS API: detect-iprep.c Actions
Task #4052: Convert unittests to new FAIL/PASS API: detect-mark.c Actions
Task #4053: Convert unittests to new FAIL/PASS API: detect-msg.c Actions
Task #4055: Convert unittests to new FAIL/PASS API: detect-rfb-secresult.c Actions
Task #4056: Convert unittests to new FAIL/PASS API: detect-rpc.c Actions
Task #4057: Convert unittests to new FAIL/PASS API: detect-sameip.c Actions
Task #4058: Convert unittests to new FAIL/PASS API: detect-sid.c Actions
Task #4157: deprecation: remove dns eve v1 logging (May 2022) Actions
Task #4182: lua: Use lua_pushinteger for pushing integer types as integers instead of floats Actions
Task #4221: Build Suricata into a static and shared library Actions
Task #4444: files: store files in transactions instead of per flow state Actions
Task #4446: pcre2: document changes vs prce1 for rule writers Actions
Task #4480: Packaging/RPM: Remove engine provided rules from /etc/suricata/rules Actions
Task #4667: libhtp 0.5.39 Actions
Task #4668: Remove Prelude output Actions
Task #4721: http2: enable by default Actions
Task #4784: config: add suricata version as a comment to the top of the configuration file Actions
Task #4796: af-packet: remove non-mmap tpacket-v1 support Actions
Task #4866: rust/nfs/*: add unit tests Actions
Task #4909: devguide: move into userguide as last chapter Actions
Task #4912: Update default rule path to /var/lib/suricata/rules. Actions
Task #4915: transversal: update references to suricata webpage Actions
Task #4966: tracking: QUIC protocol support Actions
Task #4970: libhtp 0.5.40 Actions
Task #4992: dcerpc: convert parser to nom7 functions Actions
Task #4993: asn1: convert parser to nom7 functions Actions
Task #4994: ike: convert parser to nom7 functions Actions
Task #4995: snmp: convert parser to nom7 functions Actions
Task #4996: rdp: convert parser to nom7 functions Actions
Task #4997: mime: convert parser to nom7 functions Actions
Task #4998: krb: convert parser to nom7 functions Actions
Task #4999: ntp: convert parser to nom7 functions Actions
Task #5000: rfb: convert parser to nom7 functions Actions
Task #5001: x509: convert parser to nom7 functions Actions
Task #5002: applayertemplate: convert parser to nom7 functions Actions
Task #5143: QUIC: support JA3 Actions
Task #5166: quic: Support older versions like Q039 and Q043 Actions
Task #5175: nfs4: Improve compound record parsers Actions
Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue Actions
Task #5319: add `alert-queue-expand-fails` command-line option Actions
Task #5475: doc: add exception policy documentation Actions
Task #5497: github-ci: update runners using ubuntu-18.04 image Actions
Task #5569: transversal: update references to suricata webpage version 2 Actions
Documentation #3017: No documentation for "rawbytes" keyword Actions
Documentation #3029: No documentation for "dcerpc" keywords Actions
Documentation #3030: doc: document for "smb" keywords Actions
Documentation #4396: Devguide: Transactions and State overview Actions
Documentation #4590: DevGuide: add page about how to go from pcap to unittests and when to go with Suricata Verify tests Actions
Documentation #4671: Document changes to HTTP events with respect to http/http2 normalization Actions
Documentation #4725: Inconsistent "needs" key documentation for Lua functions Actions
Documentation #4949: userguide: add explanation on max-streams in the suricata.yaml page Actions
Documentation #5130: doc: add flowbits ORing doc Actions
Documentation #5364: userguide: reorganize `Application Layers Parsers` and `Application layers` subsections in the suricata.yaml page Actions
Documentation #5385: userguide: update rule's format document Actions
Documentation #5441: userguide: rules meta page updates Actions
Documentation #5511: userguide: add subsection about setting up Suri in IPS mode with DPDK Actions
Documentation #5542: userguide: add section about landlock under Config hardening Actions
Security #4504: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packets Actions
Security #4569: tcp: crafted injected packets cause desync after 3whs Actions
Security #4710: tcp: Bypass of Payload Detection on TCP RST with options of MD5header Actions
Security #4857: ftp: SEGV at flow cleanup due to protocol confusion Actions
Security #5023: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input Actions
Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input Actions
Security #5187: Rust regex crate security advisory CVE-2022-24713 Actions
Security #5237: nfs: arbitrary allocation from nfs4_res_secinfo_no_name Actions
Security #5243: protocol detection: exploitable type confusion due to concurrent protocol changes Actions
Security #5244: Infinite loop in JsonFTPLogger Actions
Security #5399: mqtt: DOS by quadratic with too many transactions in one parse Actions
Security #5408: filestore: Segfault with filestore enabled and forced Actions
Security #5571: ips: encapsulated packet logged as dropped, but not actually dropped Actions