⚲
Project
General
Profile
Sign in
Register
Home
Projects
Help
Search
:
Suricata
All Projects
Suricata
Overview
Activity
Roadmap
Issues
Wiki
Files
7.0.0-beta1
closed
10/25/2022
100%
482 issues
(
482 closed
— 0 open)
Issues by
Tracker
Status
Priority
Author
Assignee
Category
Bug
287/287
Feature
57/57
Optimization
45/45
Task
64/64
Documentation
16/16
Security
13/13
Related issues
Bug #2190
: apparent 1000 character limit in threshold.conf IP lists
Actions
Bug #2510
: Suricata doesnt decompress HTTP Post body
Actions
Bug #2802
: iprep: use_cnt can get desynchronized (SIGABRT)
Actions
Bug #2809
: Applayer Mismatch protocol both directions for kerberos AS-REQ/KDC_ERR_PREAUTH_REQUIRED exchange
Actions
Bug #3109
: dcerpc engine not generating alerts
Actions
Bug #3235
: Makefile:936: recipe for target 'install-rules' failed
Actions
Bug #3419
: af-packet: cluster_id is not used when trying to set fanout support
Actions
Bug #3432
: python: ensure proper shabang on python scripts
Actions
Bug #3475
: SMB evasion against EICAR file detection
Actions
Bug #3542
: FTP: expectation created in wrong direction.
Actions
Bug #3685
: Incorrect logging level for messages
Actions
Bug #3703
: fileinfo "stored: false" even if the file is kept on disk
Actions
Bug #3846
: Infinite loop if the sniffing interface temporarily goes down
Actions
Bug #3995
: SIGABRT stream-tcp-reassemble
Actions
Bug #3996
: SIGABRT: SMTPTransactionComplete
Actions
Bug #4080
: DCERPCUDPState handle fragmented data functions pegging certain CPU cores/threads
Actions
Bug #4096
: flow manager: 200% CPU in KVM host with no activity with Suricata 6
Actions
Bug #4106
: Duplicate TLS subjects in tls metadata.
Actions
Bug #4152
: fatal error: 'gnu/stubs-32.h' file not found
Actions
Bug #4171
: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
Actions
Bug #4187
: rs_dcerpc_udp_get_tx takes out unusual amount of CPU
Actions
Bug #4198
: dcerpc: no alert triggered with dce opnum in 6.0
Actions
Bug #4199
: Transformation keyword can’t trigger an alert
Actions
Bug #4202
: Wrong stream side after direction change
Actions
Bug #4205
: eve: Memory leak from jsonbuilder in @MetadataJson@
Actions
Bug #4206
: dns: output flags not set correctly on 32 bit systems
Actions
Bug #4208
: Suricata crashes with multi-threaded eve logger and HTTP/2 traffic
Actions
Bug #4210
: Alert not generated with 2 rules - http.request body (alone) and http.request_body/url_decode
Actions
Bug #4211
: Not all manpages are built by docs Makefile
Actions
Bug #4216
: 5.0.5 in socket mode crashes when using file-store due to uninitialized stats_ctx
Actions
Bug #4224
: modbus: Request flood leads to CPU exhaustion
Actions
Bug #4225
: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
Actions
Bug #4228
: tcp/async: incorrect flagging of ACK values as invalid
Actions
Bug #4231
: ICMPv6 failed assert p->icmpv6h == NULL with icmpv6.hdr
Actions
Bug #4232
: Protocol detection evasion enip-SMB
Actions
Bug #4233
: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL
Actions
Bug #4238
: tcp/fastopen: false positive on "invalid option"
Actions
Bug #4239
: dataset file not written when run as user
Actions
Bug #4245
: SMTP/Email Body md5: Only logs the md5 of the first part in a multi-part mime message
Actions
Bug #4246
: Assertion failed in AdjustToAcked delta > 10000000ULL && delta > stream->window
Actions
Bug #4247
: detect: NOOPT flag not enforced correctly
Actions
Bug #4253
: lua: flowint/flowvar API naming consistency
Actions
Bug #4254
: Leak in signature parsing with urilen
Actions
Bug #4258
: ftp-data: support for file.name keyword is incomplete
Actions
Bug #4261
: Mismatch between capture and outputs in rules leads to seg fault
Actions
Bug #4262
: ebpf: llc detection failure
Actions
Bug #4267
: output: don't use /etc/protocols
Actions
Bug #4271
: datasets: reference counter issue in string lookup
Actions
Bug #4272
: Timeout in libhtp with lzma in gzip to be decompressed in many responses
Actions
Bug #4273
: protodetect: SEGV due to NULL ptr deref
Actions
Bug #4274
: Suricata crashes at exit in NFQ mode
Actions
Bug #4275
: Datasets writing limits on exit
Actions
Bug #4277
: SIGABRT: rust panic HTTP2State
Actions
Bug #4280
: Suricata is not fully reading or loading the iprep files
Actions
Bug #4320
: Heap use after free in parsing signatures with ip_proto and prefilter
Actions
Bug #4331
: libhtp: don't put stream in error state on compression issues
Actions
Bug #4335
: Stack-buffer-overflow READ 4 in SetupU8Hash
Actions
Bug #4348
: ftp: "g_expectation_data_id" and "g_expectation_id" in AppLayerExpectationHandle function
Actions
Bug #4361
: detect: file.data performance regression
Actions
Bug #4369
: Configuration test mode succeeds when threshold.config file contains invalid content
Actions
Bug #4375
: segv in ApplyToU8Hash
Actions
Bug #4376
: TCP flow that retransmits the SYN with a newer TSval not properly tracked
Actions
Bug #4379
: flow manager: using too much CPU during idle
Actions
Bug #4387
: Heap-use-after-free READ 8 · JsonDNP3LoggerToClient
Actions
Bug #4388
: Protocol detection evasion enip-dns
Actions
Bug #4389
: Protocol detection tls-dcerpc
Actions
Bug #4394
: detect: "drop" on protocol detect only rule doesn't drop flow
Actions
Bug #4395
: Incorrect AppLayerResult::incomplete for RDP
Actions
Bug #4397
: eve.drop: alerts option logs lowest priority alert
Actions
Bug #4400
: Panic in Rust HTTP2 dynamic headers table eviction
Actions
Bug #4401
: Quadratic complexity in libhtp chunk parsing
Actions
Bug #4403
: Use after free or read overflow or use of unitized memory in TransformStripWhitespace called by HttpServerBodyXformsGetDataCallback
Actions
Bug #4404
: eve/mqtt: mqtt logging crashes when eve is multithreaded
Actions
Bug #4407
: threshold: slow startup on threshold.config with many addresses in suppression
Actions
Bug #4424
: ftp: Memory leak with duplicate FTP expectation
Actions
Bug #4425
: threaded eve: files not closed on deinitialization
Actions
Bug #4428
: Rust panic in suricata::dcerpc::detect::handle_input_data (buffer overread)
Actions
Bug #4433
: Debug assert failed in ikev1 logger
Actions
Bug #4434
: Duplicate alert record in eve log when using unix-socket mode
Actions
Bug #4436
: Buffer overread in SMTP SMTPParseCommandBDAT
Actions
Bug #4437
: dns: high resource usage on long lived dns connections
Actions
Bug #4438
: Null-dereference in HTTP2MimicHttp1Request in midstream
Actions
Bug #4439
: eve: log alert direction
Actions
Bug #4440
: eve: log if flow had gap
Actions
Bug #4442
: build: Build failure on FreeBSD
Actions
Bug #4447
: ipv6 & ftp & passive mode & error
Actions
Bug #4448
: Properly set the ICMP emergency-bypassed value
Actions
Bug #4472
: YAML -- interpretation of "~" (tilde)
Actions
Bug #4473
: Timeout in ftp parsing rs_ftp_active_eprt
Actions
Bug #4476
: heap-buffer-overflow WRITE in InspectionBufferSetup with use of InspectionBufferGetMulti
Actions
Bug #4477
: Infinite loops in when using InspectionBufferMultipleForList
Actions
Bug #4478
: freebsd: lockups due to mutex handling issues
Actions
Bug #4491
: rules: rules w/o sid accepted, leading to alerts with signature_id: 0
Actions
Bug #4494
: Failed assertion in HTTP2 decompression
Actions
Bug #4495
: output: threaded output coverity warning
Actions
Bug #4502
: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
Actions
Bug #4503
: Buffer overflow in "by_rule" threshold context
Actions
Bug #4505
: Rust panic while parsing (new rust) modbus rule
Actions
Bug #4508
: SSH bypass is not working
Actions
Bug #4509
: Incorrect flags in Rust
Actions
Bug #4516
: Integer overflows
Actions
Bug #4523
: Application log cannot to be re-opened when running as non-root user
Actions
Bug #4525
: segv with --set cmdline option if incorrect key is provided
Actions
Bug #4527
: Fix implicit conversions in traffic facing source code modules
Actions
Bug #4528
: Fix implicit conversions in detection modules
Actions
Bug #4530
: DOS Quadratic complexity when having too many transactions
Actions
Bug #4533
: Rust modbus parser does not handle gaps as it claims
Actions
Bug #4534
: Timeout in ikev2 parsing
Actions
Bug #4536
: SWF decompression overread
Actions
Bug #4537
: alert count shows up as 0 when stats are disabled
Actions
Bug #4540
: unused variables warnings on Windows compiles with rust
Actions
Bug #4549
: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Actions
Bug #4558
: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
Actions
Bug #4560
: Quadratic complexity in HTTP2 gzip decompression
Actions
Bug #4561
: Failed assertion in SMTP SMTPTransactionComplete
Actions
Bug #4562
: Memory leak in Protocol change during protocol detection
Actions
Bug #4563
: Rules based on SSH banner-related keywords only match on acked data
Actions
Bug #4570
: eve/flow: many flows logged with reason==unknown
Actions
Bug #4577
: coverity: minor warnings
Actions
Bug #4581
: Excessive qsort/msort time when large number of rules using tls.fingerprint
Actions
Bug #4582
: BUG_ON triggered from TmThreadsInjectFlowById
Actions
Bug #4586
: segmentfault when reopen redis
Actions
Bug #4619
: HTTP2 null dereference in upgrade
Actions
Bug #4620
: Protocol detection : confusion with SMB in midstream
Actions
Bug #4621
: rust panic: when using smb stream-depth
Actions
Bug #4622
: File deletions over SMB are not always logged
Actions
Bug #4650
: Stream TCP raw reassembly is leaking
Actions
Bug #4654
: tcp: insert_data_normal_fail can hit without triggering memcap
Actions
Bug #4659
: Configuration test mode succeeds when reference.config file contains invalid content
Actions
Bug #4663
: rules: drop rules with noalert not fully dropping
Actions
Bug #4664
: ipv6 evasions : fragmentation
Actions
Bug #4666
: http: ipv6 address is a valid host
Actions
Bug #4670
: rules: mix of drop and pass rules issues
Actions
Bug #4679
: IPv6 : decoder event on invalid fragment length
Actions
Bug #4680
: nfs: failed assert self.tx_data.files_logged > 1
Actions
Bug #4681
: Wrong list_id with transforms for http_client_body and http file_data
Actions
Bug #4685
: detect: too many prefilter engines lead to FNs
Actions
Bug #4692
: lua: file info callback returns wrong value
Actions
Bug #4699
: coverity warnings after output changes
Actions
Bug #4719
: http2: byte-range test fails intermittently
Actions
Bug #4720
: pcre2: ASAN heap-buffer-overflow
Actions
Bug #4722
: flows: TCP flow timeout handling stuck if there is no traffic
Actions
Bug #4724
: pcre2: scan-build warning
Actions
Bug #4731
: flows: spare pool not freeing flows aggressively enough
Actions
Bug #4737
: ubsan: bytejump warning
Actions
Bug #4739
: Absent app-layer protocol is always enabled by default
Actions
Bug #4741
: Quadratic complexity in modus due to missing tx_iterator
Actions
Bug #4752
: Memory leak in SNMP with DetectEngineState
Actions
Bug #4754
: Invalid range leads to OOM
Actions
Bug #4757
: Incomplete range with overlap, and expected new bytes, lead to incomplete reassembly
Actions
Bug #4764
: range: no validity check with HTTP2 leads to over allocation
Actions
Bug #4765
: loopback: different AF_INET6 values per OS
Actions
Bug #4766
: Flow leaked when flow->use_cnt access race happens
Actions
Bug #4767
: Rule error in SMB dce_iface and dce_opnum keywords
Actions
Bug #4769
: dcerpc dce_iface just match a packet
Actions
Bug #4771
: pcrexform: does not capture substring but whole match
Actions
Bug #4778
: flow/bypass: app-layer/stream resources not freed when bypass activated
Actions
Bug #4779
: flow/bypass: flow worker not performing flow timeout "housekeeping"
Actions
Bug #4785
: af-packet: threads sometimes get stuck in capture
Actions
Bug #4800
: af-packet: flag colision between kernel and Suricata
Actions
Bug #4801
: af-packet: tpacket v3 socket reference handling broken
Actions
Bug #4803
: af-packet: up/down logic leaks resources in autofp (tpacket v2)
Actions
Bug #4804
: af-packet: tpacket v3 if/down logic broken
Actions
Bug #4807
: packetpool: packets in pool may have capture method ReleasePacket callbacks set
Actions
Bug #4808
: flow: worker-evicted flows need to be processed quicker
Actions
Bug #4810
: pppoe decoder fails when protocol identity field is only 1 byte
Actions
Bug #4811
: Range: memory leak from HTTP2
Actions
Bug #4812
: conf: quadratic complexity
Actions
Bug #4817
: smtp: smtp transaction not logged if no email is present
Actions
Bug #4828
: flow: flows not evicted & freed in time
Actions
Bug #4836
: profiling: Invalid performance counter when using sampling
Actions
Bug #4839
: Memory leak with signature using file_data and NFS
Actions
Bug #4842
: smb: excessive memory use during file transfer
Actions
Bug #4848
: TFTP: memory leak due to missing detect state
Actions
Bug #4849
: protodetect: SMB vs TLS protocol detection in midstream
Actions
Bug #4859
: dnp3: buffer over read in logging base64 empty objects
Actions
Bug #4860
: eve.json remove app-layer specific fields from root object
Actions
Bug #4862
: MQTT : transactions are never cleaned by AppLayerParserTransactionsCleanup
Actions
Bug #4877
: Run stream reassembly on both directions upon receiving a FIN packet
Actions
Bug #4882
: Netmap configuration -- need a configuration option for non-standard library locations.
Actions
Bug #4920
: detect/app-layer-protocol: app-layer-protocol:http broken
Actions
Bug #4924
: dns: transaction not created when z-bit set
Actions
Bug #4935
: DPDK: Packet counters set incorrectly
Actions
Bug #4941
: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
Actions
Bug #4945
: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
Actions
Bug #4947
: suricatasc loop if recv returns no data
Actions
Bug #4948
: SMTP assertion triggered
Actions
Bug #4953
: stream: too aggressive pruning in lossy streams
Actions
Bug #4969
: Libhtp timeout lzma reallocing dictionary
Actions
Bug #4972
: Null deference in ConfigApplyTx
Actions
Bug #5007
: pgsql: coverity warning
Actions
Bug #5009
: dpdk: fails to compile on ubuntu 22.04
Actions
Bug #5011
: frames: buffer overread in SigValidate
Actions
Bug #5016
: pgsql: fix possible unsigned integer overflow
Actions
Bug #5018
: MQTT can return AppLayerResult::incomplete forever and buffer forever
Actions
Bug #5019
: dataset: error with space in rule language
Actions
Bug #5034
: dns: probing/parser can return error when it should return incomplete
Actions
Bug #5040
: stats: add app-layer error counters
Actions
Bug #5046
: Documentation copyright years are invalid
Actions
Bug #5065
: frames: coverity warning
Actions
Bug #5066
: detect/iponly: mixing netblocks can lead to FN/FP
Actions
Bug #5070
: Stacktrace logger should propagate original signal
Actions
Bug #5073
: Off-by-one in flow-manager flow_hash row allocation
Actions
Bug #5077
: byte_math rule options need to be in order or will fail otherwise
Actions
Bug #5079
: swf: coverity warning
Actions
Bug #5080
: eve/dnp3: coverity warnings for string handling
Actions
Bug #5081
: detect/iponly: rule parsing does not always apply netmask correctly
Actions
Bug #5084
: iprep: cidr support can set up radix incorrectly
Actions
Bug #5085
: defrag: policy config can setup radix incorrectly
Actions
Bug #5086
: htp: server personality radix handling issue
Actions
Bug #5093
: rust/proc-macro-crate: pin to old version to support our MSRV
Actions
Bug #5094
: output: timestamp missing usecs on Arm 32bit + Musl
Actions
Bug #5144
: Failed assert DeStateSearchState
Actions
Bug #5145
: nfs: Integer underflow in NFS
Actions
Bug #5146
: libhtp: does not handle 100 continue if there is a 0 Content Length
Actions
Bug #5147
: frames: debug assertion on SMB2 traffic
Actions
Bug #5162
: inspection of smb traffic without smb/dcerpc doesn't work correct.
Actions
Bug #5168
: detect/iponly: non-cidr netmask settings can lead incorrect detection
Actions
Bug #5174
: MIME URL extraction creates invalid url in JSON
Actions
Bug #5183
: TLS Handshake Fragments not Reassembled
Actions
Bug #5188
: SSL : over allocation for certificates
Actions
Bug #5197
: fast_pattern assignment of specific content results in FN
Actions
Bug #5200
: libbpf: Use of legacy code in eBPF/XDP programs
Actions
Bug #5201
: content:"22 2 22"; is parsed without error
Actions
Bug #5208
: DCERPC protocol detection when nested in SMB
Actions
Bug #5222
: SSH built-in rules are not included in the source tarball
Actions
Bug #5223
: base64_decode does not populate base64_data buffer once hitting non-base64 chars
Actions
Bug #5226
: Frames: failed assertion !((int64_t)data_len > frame->len)
Actions
Bug #5228
: pcre2: SEGV during rule loading
Actions
Bug #5236
: frame: buffer over read in SCACSearch
Actions
Bug #5238
: frame: memory leak in signature parsing
Actions
Bug #5246
: smb: integer underflows and overflows
Actions
Bug #5248
: flow: double unlock in tcp reuse case
Actions
Bug #5259
: rust: update time dependency
Actions
Bug #5260
: rust: update regex dependency
Actions
Bug #5268
: mqtt: integer underflow with truncated
Actions
Bug #5276
: eve: payload field randomly missing even if the packet field is present
Actions
Bug #5278
: app-layer: Allow for non slice based transaction containers in generate get iterator (rust)
Actions
Bug #5280
: nfs: ASSERT: attempt to subtract with overflow (compound)
Actions
Bug #5281
: ftp: don't let first incomplete segment be over maximum length
Actions
Bug #5285
: frame: assertion failed in PrefilterMpmFrame
Actions
Bug #5291
: cppcheck: various static analyzer "warning"s
Actions
Bug #5294
: mqtt: convert to vecdeque
Actions
Bug #5295
: rdp: convert transaction list to vecdeque
Actions
Bug #5296
: http2: convert transaction list to vecdeque
Actions
Bug #5297
: pgsql: convert transaction list to vecdeque
Actions
Bug #5298
: template (rust): convert transaction list to vecdeque
Actions
Bug #5306
: dcerpc: unsigned integer overflow in parse_dcerpc_bindack
Actions
Bug #5308
: file handling: avoid toctou race conditions
Actions
Bug #5309
: CIDR prefix calculation fails on big endian archs
Actions
Bug #5310
: detect: several potential infinite loops by comparing u16 to size_t
Actions
Bug #5312
: test failure on Ubuntu 22.04 with GCC 12
Actions
Bug #5313
: python: distutils deprecation warning
Actions
Bug #5314
: ftp: quadratic complexity for tx iterator with linked list
Actions
Bug #5315
: decode/mime: base64 decoding for data with spaces is broken
Actions
Bug #5316
: smtp: PreProcessCommands does not handle all the edge cases
Actions
Bug #5317
: flow manager: end of flow counters not working
Actions
Bug #5327
: track by_rule|by_both incorrectly rejected for global thresholds
Actions
Bug #5329
: rust: inconsistency between rust structure RustParser and C structure AppLayerParser
Actions
Bug #5330
: flow: vlan.use-for-tracking is not used for ICMPv4
Actions
Bug #5331
: stacktrace-on-signal: Kills all processes in the same process group
Actions
Bug #5353
: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails
Actions
Bug #5361
: IPS: ip only rules, but with negated addresses not treated like pure ip-only rules in IPS context
Actions
Bug #5368
: bypass: Memory leak of some flow bypass objects.
Actions
Bug #5377
: modbus: probing parser recognizes modbus with unknown function code
Actions
Bug #5386
: detect/threshold: offline time handling issue
Actions
Bug #5390
: smb: have default stream-depth of 0
Actions
Bug #5391
: events: PACKET_RECYCLE does not reset event_last_logged
Actions
Bug #5392
: fileinfo: inconsistent file size tracking for GAPs
Actions
Bug #5401
: tcp: assertion failed in DoInsertSegment (BUG_ON)
Actions
Bug #5402
: detect: will still inspect packets of a "dropped" flow for non-TCP
Actions
Bug #5409
: PCRE: use match and recursion limit for pcrexform
Actions
Bug #5412
: SMB status errors list is incomplete
Actions
Bug #5419
: Failed assert DeStateSearchState
Actions
Bug #5455
: ike: logging state transforms instead of transaction transforms
Actions
Bug #5457
: Counters are not initialized in all places.
Actions
Bug #5458
: Reject action is no longer working
Actions
Bug #5507
: DHCP: signature keyword for renewal_time
Actions
Bug #5508
: SMB2 async responses are not matched with its request
Actions
Bug #5518
: dcerpc: More efficient transaction handling for UDP
Actions
Bug #5521
: detect: transform strip whitespace creates a 0-sized variable-length array
Actions
Bug #5527
: postgresql: limit number of live transactions
Actions
Bug #5536
: detect: flow.age keyword
Actions
Bug #5538
: Compiler Warning on Fedora 36 / gcc 12.2.1
Actions
Bug #5581
: eve: mac address logging for packet records reverses direction
Actions
Bug #5584
: detect/tag: timeout handling issues on windows
Actions
Bug #5595
: eve/alert: SEGV in files to alert logging
Actions
Feature #120
: Capture full session on alert
Actions
Feature #1096
: tls: client certificate handling
Actions
Feature #1369
: eve: json schema
Actions
Feature #1478
: Active flow counters
Actions
Feature #1576
: http: byte-range support
Actions
Feature #2054
: Extracting HTTPS URL´s from SMTP, currently only HTTP is supported
Actions
Feature #2096
: eve: event_type for MODBUS
Actions
Feature #2323
: Applayer support for telnet
Actions
Feature #2450
: lua: scripts access to calling rule informations
Actions
Feature #2697
: prefilter support for stream_size
Actions
Feature #3002
: Flow and Netflow Not Logging ESP Traffic
Actions
Feature #3285
: rules: XOR keyword
Actions
Feature #3292
: support for network service header (NSH)
Actions
Feature #3440
: Add GQUIC Protocol Analysis and CYU Fingerprinting
Actions
Feature #3512
: stream depth event rule
Actions
Feature #3701
: eve: add tenant_id in eve-log for other types than alert
Actions
Feature #3767
: Add IKEv1 parser
Actions
Feature #3887
: yaml: Increase maximum size for address vars
Actions
Feature #3957
: Convert protocol to Rust: Modbus
Actions
Feature #4116
: http2: body compression handling
Actions
Feature #4117
: http2: byte-range support
Actions
Feature #4142
: file.data: support for NFS
Actions
Feature #4144
: file.data: support for request side files in HTTP
Actions
Feature #4241
: Protocol support: PostgreSQL (pgsql)
Actions
Feature #4332
: Makes libhtp decompression time limit configurable from Suricata
Actions
Feature #4386
: Support for RFC2231
Actions
Feature #4406
: unix socket: Get flow information by flow_id
Actions
Feature #4498
: decoder: add VN-Tag support
Actions
Feature #4507
: dpdk: initial support for IDS and IPS modes
Actions
Feature #4515
: Add DNS logging of Z flag
Actions
Feature #4526
: SIGSEGV handling -- log stack before aborting
Actions
Feature #4541
: netmap: new API version (14) supports multi-ring software mode
Actions
Feature #4550
: pthreads: set minimum stack size
Actions
Feature #4551
: eve: add direct base64 to json option to json builder
Actions
Feature #4556
: HTTP2: support deflate decompression
Actions
Feature #4872
: nfs: add stream app-layer frame support
Actions
Feature #4967
: QUIC v1 support
Actions
Feature #4983
: frames: support UDP
Actions
Feature #4984
: dns: add frames support
Actions
Feature #5036
: sip: add frames support
Actions
Feature #5190
: new tls.random keyword
Actions
Feature #5191
: new keyword for self signed certificates
Actions
Feature #5202
: eve/drop: include drop "reason"
Actions
Feature #5214
: ips: allow dropping of flow if stream.memcap is hit
Actions
Feature #5215
: ips: allow dropping of flow if stream.reassembly.memcap is hit
Actions
Feature #5216
: ips: allow dropping of flow if flow.memcap is hit
Actions
Feature #5218
: ips: allow dropping of flow if applayer reaches error state
Actions
Feature #5411
: Add keywords for user and domain seen in smb
Actions
Feature #5413
: DCERPC logging is not easy to use in analysis
Actions
Feature #5416
: SNMP: signature keyword for usm
Actions
Feature #5435
: DHCP: signature keyword for lease_time
Actions
Feature #5442
: kerberos: log ticket encryption method
Actions
Feature #5468
: ips: midstream: add "exception policy" for midstream
Actions
Feature #5479
: Add landlock support
Actions
Feature #5503
: ips: add "reject" action to exception policies
Actions
Feature #5506
: DHCP: signature keyword for rebinding_time
Actions
Feature #5509
: App-layer event for protocol change failure
Actions
Optimization #2405
: files: Use FileTruncateAllOpenFiles for every app layer protocol
Actions
Optimization #3315
: app-layer: unify registration logic
Actions
Optimization #3658
: Use WARN_UNUSED for ByteExtract* functions
Actions
Optimization #3825
: Defining only one basic rust Files structure
Actions
Optimization #3832
: rust: Make core::* as enum to improve readability
Actions
Optimization #4066
: Add a PASS_IF_NULL macro to the FAIL/PASS API
Actions
Optimization #4112
: Use generic rust DetectU32Data in every keyword needing this
Actions
Optimization #4126
: Threaded eve logging for output types other than regular file (socket, plugins, redis etc)
Actions
Optimization #4154
: Rust Parsers: Abstract AppLayer events to a derive macro
Actions
Optimization #4207
: Use configurable or more dynamic @ PACKET_ALERT_MAX@
Actions
Optimization #4319
: dcerpc: improve protocol detection
Actions
Optimization #4366
: decoder: limit number of decoding layers
Actions
Optimization #4371
: Sphinx Warning about deprecated function
Actions
Optimization #4427
: storage api: use dedicated 'id' type
Actions
Optimization #4475
: Rust: Make default_port in parser registration an Option
Actions
Optimization #4496
: decode: remove NULL checks after header casts
Actions
Optimization #4497
: rust: clean up constructors of state, transaction structs
Actions
Optimization #4555
: HTTP2: what to do when HTTP upgrade is requested and HTTP2 is disabled ?
Actions
Optimization #4593
: Fix warning about "mixed case hex literals"
Actions
Optimization #4595
: Fix warning about "comparing with null"
Actions
Optimization #4597
: Fix warning about "enum's name"
Actions
Optimization #4599
: Fix warning about "ptr_arg"
Actions
Optimization #4604
: Fix warning about "branches sharing code"
Actions
Optimization #4605
: Fix warning about "unnecessary nested match"
Actions
Optimization #4609
: Fix warning about "if same then else"
Actions
Optimization #4613
: Fix warning about "large enum variant"
Actions
Optimization #4616
: Fix warning about "match single binding"
Actions
Optimization #4618
: Fix warning about "inherent to string"
Actions
Optimization #4653
: Flow cleaning with chunked approach is memory hungry
Actions
Optimization #4711
: Clang 14 and rust nightly new warnings
Actions
Optimization #4748
: app-layer/rust: explore if tx iterator can be implemented as a trait
Actions
Optimization #4795
: Remove PASS_IF macro from the FAIL/PASS API
Actions
Optimization #4805
: af-packet: move vlan hdr insert logic to capture/decode
Actions
Optimization #4907
: smtp: use AppLayerResult instead of buffering wherever possible
Actions
Optimization #4943
: alerts: use alert queing in DetectEngineThreadCtx
Actions
Optimization #4991
: pgsql: convert parser to nom7 functions
Actions
Optimization #5229
: rules: too much time spent in SigMatchListSMBelongsTo at startup
Actions
Optimization #5230
: rules: too much time spent in DetectUnregisterThreadCtxFuncs due to pcre2
Actions
Optimization #5231
: rules: mpm setup more costly than needed
Actions
Optimization #5232
: rules: pattern id assignment is too slow
Actions
Optimization #5400
: dpdk: allow specifying of `rss_hf` flags in config
Actions
Optimization #5454
: http2: slow http2_frames_get_header_value_vec because of allocation
Actions
Optimization #5481
: tls: support incomplete API to replace internal buffering
Actions
Optimization #5577
: Fix warning about "comparing with null" in debug code
Actions
Optimization #5592
: tunnel: spinlock for tunnel packet sync
Actions
Task #3194
: pcre2 support
Actions
Task #3905
: GitHub CI: use sccache for commits build
Actions
Task #4021
: Convert unittests to new FAIL/PASS API - detect-dsize.c
Actions
Task #4024
: Convert unittests to new FAIL/PASS API: detect-engine.c
Actions
Task #4025
: Convert unittests to new FAIL/PASS API: detect-engine-event.c
Actions
Task #4026
: Convert unittests to new FAIL/PASS API: detect-engine-payload.c
Actions
Task #4027
: Convert unittests to new FAIL/PASS API: detect-engine-proto.c
Actions
Task #4028
: Convert unittests to new FAIL/PASS API: detect-engine-siggroup.c
Actions
Task #4031
: Convert unittests to new FAIL/PASS API: detect-fast-pattern.c
Actions
Task #4032
: Convert unittests to new FAIL/PASS API: detect-file-data.c
Actions
Task #4033
: Convert unittests to new FAIL/PASS API: detect-fileext.c
Actions
Task #4034
: Convert unittests to new FAIL/PASS API: detect-filemagic.c
Actions
Task #4035
: Convert unittests to new FAIL/PASS API: detect-filemd5.c
Actions
Task #4036
: Convert unittests to new FAIL/PASS API: detect-filename.c
Actions
Task #4037
: Convert unittests to new FAIL/PASS API: detect-filesha1.c
Actions
Task #4038
: Convert unittests to new FAIL/PASS API: detect-filesha256.c
Actions
Task #4040
: Convert unittests to new FAIL/PASS API: detect-fragoffset.c
Actions
Task #4041
: Convert unittests to new FAIL/PASS API: detect-gid.c
Actions
Task #4045
: Convert unittests to new FAIL/PASS API: detect-icode.c
Actions
Task #4046
: Convert unittests to new FAIL/PASS API: detect-id.c
Actions
Task #4047
: Convert unittests to new FAIL/PASS API: detect-ipopts.c
Actions
Task #4048
: Convert unittests to new FAIL/PASS API: detect-iprep.c
Actions
Task #4052
: Convert unittests to new FAIL/PASS API: detect-mark.c
Actions
Task #4053
: Convert unittests to new FAIL/PASS API: detect-msg.c
Actions
Task #4055
: Convert unittests to new FAIL/PASS API: detect-rfb-secresult.c
Actions
Task #4056
: Convert unittests to new FAIL/PASS API: detect-rpc.c
Actions
Task #4057
: Convert unittests to new FAIL/PASS API: detect-sameip.c
Actions
Task #4058
: Convert unittests to new FAIL/PASS API: detect-sid.c
Actions
Task #4157
: deprecation: remove dns eve v1 logging (May 2022)
Actions
Task #4182
: lua: Use lua_pushinteger for pushing integer types as integers instead of floats
Actions
Task #4221
: Build Suricata into a static and shared library
Actions
Task #4444
: files: store files in transactions instead of per flow state
Actions
Task #4446
: pcre2: document changes vs prce1 for rule writers
Actions
Task #4480
: Packaging/RPM: Remove engine provided rules from /etc/suricata/rules
Actions
Task #4667
: libhtp 0.5.39
Actions
Task #4668
: Remove Prelude output
Actions
Task #4721
: http2: enable by default
Actions
Task #4784
: config: add suricata version as a comment to the top of the configuration file
Actions
Task #4796
: af-packet: remove non-mmap tpacket-v1 support
Actions
Task #4866
: rust/nfs/*: add unit tests
Actions
Task #4909
: devguide: move into userguide as last chapter
Actions
Task #4912
: Update default rule path to /var/lib/suricata/rules.
Actions
Task #4915
: transversal: update references to suricata webpage
Actions
Task #4966
: tracking: QUIC protocol support
Actions
Task #4970
: libhtp 0.5.40
Actions
Task #4992
: dcerpc: convert parser to nom7 functions
Actions
Task #4993
: asn1: convert parser to nom7 functions
Actions
Task #4994
: ike: convert parser to nom7 functions
Actions
Task #4995
: snmp: convert parser to nom7 functions
Actions
Task #4996
: rdp: convert parser to nom7 functions
Actions
Task #4997
: mime: convert parser to nom7 functions
Actions
Task #4998
: krb: convert parser to nom7 functions
Actions
Task #4999
: ntp: convert parser to nom7 functions
Actions
Task #5000
: rfb: convert parser to nom7 functions
Actions
Task #5001
: x509: convert parser to nom7 functions
Actions
Task #5002
: applayertemplate: convert parser to nom7 functions
Actions
Task #5143
: QUIC: support JA3
Actions
Task #5166
: quic: Support older versions like Q039 and Q043
Actions
Task #5175
: nfs4: Improve compound record parsers
Actions
Task #5179
: stats/alert: log out to stats alerts that have been discarded from packet queue
Actions
Task #5319
: add `alert-queue-expand-fails` command-line option
Actions
Task #5475
: doc: add exception policy documentation
Actions
Task #5497
: github-ci: update runners using ubuntu-18.04 image
Actions
Task #5569
: transversal: update references to suricata webpage version 2
Actions
Documentation #3017
: No documentation for "rawbytes" keyword
Actions
Documentation #3029
: No documentation for "dcerpc" keywords
Actions
Documentation #3030
: doc: document for "smb" keywords
Actions
Documentation #4396
: Devguide: Transactions and State overview
Actions
Documentation #4590
: DevGuide: add page about how to go from pcap to unittests and when to go with Suricata Verify tests
Actions
Documentation #4671
: Document changes to HTTP events with respect to http/http2 normalization
Actions
Documentation #4725
: Inconsistent "needs" key documentation for Lua functions
Actions
Documentation #4949
: userguide: add explanation on max-streams in the suricata.yaml page
Actions
Documentation #5130
: doc: add flowbits ORing doc
Actions
Documentation #5364
: userguide: reorganize `Application Layers Parsers` and `Application layers` subsections in the suricata.yaml page
Actions
Documentation #5375
: Improve documentation for TLS logging options
Actions
Documentation #5385
: userguide: update rule's format document
Actions
Documentation #5441
: userguide: rules meta page updates
Actions
Documentation #5511
: userguide: add subsection about setting up Suri in IPS mode with DPDK
Actions
Documentation #5519
: userguide: update 'dsize' examples and documentation
Actions
Documentation #5542
: userguide: add section about landlock under Config hardening
Actions
Security #4504
: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
Actions
Security #4569
: tcp: crafted injected packets cause desync after 3whs
Actions
Security #4710
: tcp: Bypass of Payload Detection on TCP RST with options of MD5header
Actions
Security #4857
: ftp: SEGV at flow cleanup due to protocol confusion
Actions
Security #5023
: smtp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
Actions
Security #5024
: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
Actions
Security #5187
: Rust regex crate security advisory CVE-2022-24713
Actions
Security #5237
: nfs: arbitrary allocation from nfs4_res_secinfo_no_name
Actions
Security #5243
: protocol detection: exploitable type confusion due to concurrent protocol changes
Actions
Security #5244
: Infinite loop in JsonFTPLogger
Actions
Security #5399
: mqtt: DOS by quadratic with too many transactions in one parse
Actions
Security #5408
: filestore: Segfault with filestore enabled and forced
Actions
Security #5571
: ips: encapsulated packet logged as dropped, but not actually dropped
Actions
Loading...