Project

General

Profile

8.0.0-beta1

open

Due in about 8 months (04/01/2025)

45%

606 issues   (261 closed345 open)

Issues by
Bug

115/180
Feature

58/158
Optimization

23/63
Task

25/94
Documentation

20/90
Security

20/21
Related issues
Bug #635: Some keywords missing in list-keyword command (like 'tcp-pkt') Actions
Bug #1457: conf: non-standard units used for file size indication Actions
Bug #1826: Rule validation bug with fast_pattern:only and specified buffers Actions
Bug #1926: rule parsing: wrong content checked for fast_pattern (snort compatibility) Actions
Bug #2205: Buffer confusion with fast_pattern:only; Actions
Bug #2224: Negated http_* match returns false if buffer not populated Actions
Bug #2881: http.protocol parsing inaccuracy : accept spaces in URI Actions
Bug #2886: IMAP protocol detection is incomplete Actions
Bug #3182: warn user on wildcard usage without quotes Actions
Bug #3218: ssl_state does the wrong thing Actions
Bug #3236: missing keywords docs on some keywords when --list-keywords is called Actions
Bug #3375: Tracking: file tracking/inspection performance issues Actions
Bug #3436: Suricata Socket Control crashing using command 'reopen-log-files' Actions
Bug #3682: bsize needs to err upon non possible matching conditions Actions
Bug #3910: datasets: for type string the memcap isn't applied to the string data Actions
Bug #4135: dns: response only udp not detected as dns Actions
Bug #4220: failed to hit a signature with option --simulate-ips Actions
Bug #4482: detect: detect events not in rules, not tested (and not working?) Actions
Bug #4522: Rules with stream_size greater than not working Actions
Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 incapsulation Actions
Bug #4702: SYN/ACK dropped when client does not support tcp timestamps Actions
Bug #4734: pfring: memory leak Actions
Bug #4786: xbits: no error on invalid 'expire' values Actions
Bug #4815: unix socket: ftp memcap missing from socket commands Actions
Bug #4873: smb: midstream probing check affects performance Actions
Bug #4898: detect: Ensure detection events are logged Actions
Bug #4917: tls: leading GAP in toserver direction leads to various issues Actions
Bug #4921: detect/app-layer-protocol: unexpected results when one direction state "failed" Actions
Bug #5031: flowbits - no error on invalid options Actions
Bug #5037: invalid timestamp in ending events Actions
Bug #5076: keyword content does not work over reassembled TCP Actions
Bug #5165: http: request not logged when response comes before request Actions
Bug #5177: detect/engine-analyzer: rule analyzer warns about http buffers usage/replacement even when using new keyword Actions
Bug #5185: MIME URL extraction missing. Actions
Bug #5196: Suricata test mode should fail when there are invalid config values Actions
Bug #5220: fast_pattern specification in base64_data shouldn't be allowed Actions
Bug #5486: Ethernet metadata is missing for some protocols or parts of a protocol Actions
Bug #5491: SMTP response 530 appears to generate an SMTP invalid response alert Actions
Bug #5524: pgsql: parser should not error on parsing error, so as to keep on parsing the next PDUs Actions
Bug #5539: landlock: coverity warnings Actions
Bug #5689: community id computed wrong for tcp and ipv4 when src_ip == dest_ip Actions
Bug #5711: runmodes: Suricata does not hint anything about missing runmode Actions
Bug #5977: eve/alert: missing KRB5 metadata Actions
Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL Actions
Bug #6092: eve/alert: missing pgsql metadata Actions
Bug #6186: Integer overflows 64 to 32 bytes Actions
Bug #6254: Error: threads: thread "FB" failed to start in time: flags 0003 Actions
Bug #6275: fail af_xdp at configure time when libxdp is missing? Actions
Bug #6280: base64: strict mode should only accept strings that can be reliably converted back Actions
Bug #6281: dns: structure of query differs between "alert" and "dns" event types Actions
Bug #6291: Performance degradation on Suricata devices with a small number of rules Actions
Bug #6304: schema.json : if protocol such as ENIP is detection only, we do not have _tcp suffix in stats Actions
Bug #6305: drop: assertion failed !(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP) Actions
Bug #6347: log-pcap: crash with suricata.yaml setting max-file to 1 Actions
Bug #6370: plugins: install libsuricata-config by default, or with headers Actions
Bug #6376: Huge increase on Suricata load time with a lot of ip-only rules and bigger HOME_NET Actions
Bug #6384: rust: configure fails to persistently detect/remember cbindgen location Actions
Bug #6389: pgsql: u16 overflow found by oss-fuzz w/ quadfuzz Actions
Bug #6390: file: do not store if filestore:both,flow is triggered after the file was set to nostore Actions
Bug #6393: detect/filestore: be more explicit about the U16_MAX limit per signature group head Actions
Bug #6394: Sudden increase in capture.kernel_drops and tcp.pkt_on_wrong_thread after upgrading to 6.0.14 Actions
Bug #6398: Suricata 7.0.1 threads object in stats contains memcap_pressure scalars Actions
Bug #6400: log of DNS answer is in wrong direction Actions
Bug #6405: eve: ethernet src_mac should match src_ip Actions
Bug #6408: Output plugins receive identifier, but not thread identifier Actions
Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive Actions
Bug #6415: http.header, http.header.raw and http.request_header buffers not populated when malformed header value exists Actions
Bug #6418: detect/engine-analyzer: rule parser error uses outdated buffer Actions
Bug #6419: dpdk: Analyze hugepage allocation on startup more thoroughly Actions
Bug #6483: http.request_headers - odd behavior with multiple signtures Actions
Bug #6490: profiling: rule profiling doesn't support absolute paths Actions
Bug #6499: tcp.active_sessions and flow.active count will never reduce when using trex Actions
Bug #6500: eve/alert: missing FTP metadata Actions
Bug #6501: eve/alert: missing TFTP metadata Actions
Bug #6527: cppcheck 2.11 errors Actions
Bug #6547: HTTP/2 - http.response_line has leading space Actions
Bug #6551: Invalid registration of prefiltering in stream size Actions
Bug #6553: eve/alert: payload/payload_printable misrepresent data in case of overlaps Actions
Bug #6574: detect/filestore: memory leak on rule parsing Actions
Bug #6578: ssh: no alert on packet with Message Code: New Keys (21) Actions
Bug #6584: SCTIME_ADD_SECS() macro zeros out ts.usec part Actions
Bug #6585: SCTIME_FROM_TIMESPEC() creates incorrect timestamps Actions
Bug #6592: mqtt: frames on TCP are not set properly when parsing multiple PDUs in one go Actions
Bug #6615: detect/analyzer: misrepresenting negative distance value Actions
Bug #6617: detect/filestore: flow, to_server was broken by moving files into transactions Actions
Bug #6618: Endace: timestamp fixes Actions
Bug #6619: Profiling takes much longer to run than it used to Actions
Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol Actions
Bug #6643: http: wrongly assuming http0.9 leads to missed headers Actions
Bug #6652: Configuration values trigger error instead of warning messages Actions
Bug #6656: detect/requires: assertion failed !(ret == -4) Actions
Bug #6661: content-inspect: FN on negative distance Actions
Bug #6663: Config rules does not disable logging. Actions
Bug #6664: eve/smtp: attachment filenames not logged Actions
Bug #6678: datasets: discard datasets that hit the memcap while loading correctly Actions
Bug #6710: rules: failed rules after a skipped rule are recorded as skipped, not failed Actions
Bug #6715: dpdk: NUMA warning on non-NUMA system Actions
Bug #6726: stream: stream.drop-invalid drops valid traffic Actions
Bug #6732: Suricata 7.0.2 parent interface object in stats contains VLAN-ID as keys Actions
Bug #6733: tcp: tcp flow flags changing incorrectly when ruleset contains content matching Actions
Bug #6737: dpdk: property configuration can lead to integer overflow Actions
Bug #6741: dpdk: automatic cache calculation is broken Actions
Bug #6743: stream/tcp: spurious retransmission seen as invalid Actions
Bug #6744: tcp: fast open packet not fully handled Actions
Bug #6745: util/mime: Memory leak at util-decode-mime.c:MimeDecInitParser Actions
Bug #6750: dpdk: examine the functionality of multiple parallel-running DPDK Suricata processes Actions
Bug #6753: detect/cip: missing return-value check for a 'scanf'-like function Actions
Bug #6755: Netmap: deadlock if netmap_open fails Actions
Bug #6760: Hugepages Error for ARM64 and af-packet IPS mode Actions
Bug #6762: Hugepages Error for FreeBSD when kernel NUMA build option is not enabled Actions
Bug #6766: multi-tenancy: dead lock during tenant loading Actions
Bug #6776: exception/policy: bypass flow incorrect applied? Actions
Bug #6778: detect/tls.certs: direction flag checked against wrong field Actions
Bug #6782: streaming/buffer: crash in HTTP body handling Actions
Bug #6787: decode/pppoe: Suspicious pointer scaling Actions
Bug #6790: dpdk: evaluate the correct handling of DPDK ports on shutdown Actions
Bug #6811: capture plugins: capture plugins unusable due to initialization order Actions
Bug #6820: libhtp: compile warning if libhtp is bundled Actions
Bug #6834: iprep: rule with '=,0' can't match Actions
Bug #6835: BUG_ON triggered from TmThreadsInjectFlowById Actions
Bug #6837: Error message from netmap when using Netmap pipes (with lb) Actions
Bug #6838: eve/filetypes: move from plugin api to eve api Actions
Bug #6839: coverity: warning in port grouping code Actions
Bug #6843: detect/port: port ranges are incorrect when a port is single as well as a part of range Actions
Bug #6846: alerts: wrongly using tx id 0 when there is no tx Actions
Bug #6861: profiling/rules: crash when profiling ends Actions
Bug #6864: Detect: ipopts keyword misfires Actions
Bug #6865: BUG_ON triggered from AdjustToAcked Actions
Bug #6871: dpdk: fix compatibility issues for ice cards Actions
Bug #6875: output/alert: assertion failed p->flow != NULL Actions
Bug #6877: Suricata 8 general protection fault ip:698117 sp:7fd537b08090 Actions
Bug #6881: detect/port: port grouping does not happen correctly if gap between a single and range port Actions
Bug #6883: rust: clippy 1.77 warning Actions
Bug #6887: defrag: reassembled packet can have wrong datatype Actions
Bug #6891: sip: usage of Vec instead of Vecdeque leads to quadratic complexity on cleanup Actions
Bug #6896: detect/port: upper boundary ports are not correctly handled Actions
Bug #6903: streaming buffer: heap overflows in StreamingBufferAppend()/StreamingBufferAppendNoTrack() Actions
Bug #6904: mime: buffer overflow in GetFullValue() (util-decode-mime.c) Actions
Bug #6906: smtp/mime: data command rejected by pipelining server does not reset data mode Actions
Bug #6913: reimplement systemd sd_notify w/o linking to libsystemd Actions
Bug #6918: pcre2 compile warning Actions
Bug #6921: jsonbuilder: serializes Rust f64 NaNs to an invalid literal Actions
Bug #6940: lua: handle errors in lua rules Actions
Bug #6942: decode/ppp: decoder.event.ppp.wrong_type on valid packet Actions
Bug #6948: detect/http.response_body: false positive because not enforcing direction to_client Actions
Bug #6956: mqtt: create PDU frames without regard to the parsing function Actions
Bug #6957: Assert: BUG_ON(id <= 0 || id > (int)thread_store.threads_size); Actions
Bug #6959: improve handling of content encoding: gzip but request_body not actually compressed Actions
Bug #6964: base64: consumed bytes are incorrectly set for different modes Actions
Bug #6971: defrag: default policy is inconsistent Actions
Bug #6973: detect: log relevant frames app-layer metdata Actions
Bug #6976: flow/action: not always updated? Actions
Bug #6981: dpdk: compiler warnings Actions
Bug #6983: alert/metadata: no pgsql object encapsulation Actions
Bug #6984: mqtt: do not log non-string messages? Actions
Bug #6985: base64: coverity dead code warning Actions
Bug #6989: tls.random buffers don't work as expected Actions
Bug #6994: sip/sdp: logget closes unopened array for empty medias Actions
Bug #7000: pgsql: partially incorrect tx_id tracking Actions
Bug #7004: app-layer: wrong tx may be logged for stream rules Actions
Bug #7013: rust: build with rust 1.78 with slice::from_raw_parts now requiring the pointer to be non-null Actions
Bug #7019: snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4 Actions
Bug #7020: unix-socket: hostbit commands don't properly release host Actions
Bug #7022: unix-socket: iface-bypassed-stat crash Actions
Bug #7025: websocket: wrong value for opcode ping/pong Actions
Bug #7034: time: in offline mode, time can stay behind at pcap start Actions
Bug #7037: pcap/log: MacOS rotates file well before limit is reached Actions
Bug #7048: af-packet: failure to start up on many threads plus high load Actions
Bug #7049: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node Actions
Bug #7053: bypass: cannot bypass udp flow from first packet in second direction Actions
Bug #7059: smtp: split name logged as 2 names Actions
Bug #7093: sip: wrong slice used for sip_take_line with tcp leads to quadratic oom Actions
Bug #7106: packet: app-layer-events incorrectly used on recycled packets Actions
Bug #7113: pgsql: track 'progress' in tx per direction Actions
Bug #7115: dpdk: timestamping packets through TSC does not yield the same time as kernel time Actions
Bug #7121: smb/ntlmssp: nonsense smb.ntlmssp.version values Actions
Bug #7135: util/thash: debug assertion for memuse Actions
Bug #7158: tcp: 'broken ack' event set on flow timeout Actions
Bug #7172: detect/integers: do not bother to free NULL pointer on setup/parse failure Actions
Bug #7176: ldap: crash when encountering GAP Actions
Feature #845: Memory consumption in stats.log Actions
Feature #1005: conditional logging: controlling what gets logged Actions
Feature #1125: smtp: improve protocol detection Actions
Feature #1199: protocol: LDAP support Actions
Feature #1520: multitenancy - verbose output clarity Actions
Feature #1542: dump-config - extend into multi-detect supplied yaml configuration Actions
Feature #1971: lua: make mandatory Actions
Feature #1983: tls: events are directionless and trigger twice per flow direction Actions
Feature #1993: commandline: introduce --enable-all-outputs switch Actions
Feature #2290: lua: use script as transform Actions
Feature #2375: Design and implement sensible per-thread capabilities Actions
Feature #2377: deprecate: ssh.softwareversion and ssh.protoversion Actions
Feature #2448: Add additional buffers for DNS Responses Actions
Feature #2486: prefilter/fast_pattern logic for flowbits Actions
Feature #2678: list-keywords: add info about fast_pattern and transforms Actions
Feature #2695: websocket support Actions
Feature #2696: http: implement parser in rust Actions
Feature #2816: vlan: support more than 2 layers Actions
Feature #2958: Suricata 5.0.0beta1 and way too much anomaly logging Actions
Feature #3003: filestore to uses rename syscall instead of sendfile,which doesn't allow files to be sent across file systems Actions
Feature #3351: sip: parse traffic over tcp Actions
Feature #3446: app-layer: implement MySQL parser Actions
Feature #3487: mime: multi-part parser in Rust Actions
Feature #3636: eve: configuration options to enable all, none or just a default set of outputs Actions
Feature #3952: mDNS protocol implementation Actions
Feature #3958: enip: convert protocol parser to rust Actions
Feature #4089: rules: Flexible format transform Actions
Feature #4099: allow rule keyword registration from app-layer Actions
Feature #4102: plugins: support creating app-layer parser, logger and detect Actions
Feature #4136: use Suricata-Update managed classification.config Actions
Feature #4153: app-layer: rust derive style macros to generate common code Actions
Feature #4174: tracking: app-layer frame inspection support Actions
Feature #4226: bsize: apply as depth to patterns Actions
Feature #4566: pgsql: add subprotocol-states Actions
Feature #4660: base64_decode cannot be used with Transformations like pcrexform Actions
Feature #4776: lua: vendor latest lua stable Actions
Feature #4777: lua: implement sandboxing Actions
Feature #4853: eve: Add information about Suricata version Actions
Feature #4854: pgsql: Add COPY subprotocol-state Actions
Feature #4855: rules: refactor rule parsing into multi-stage parser Actions
Feature #4861: smb: support multi-stream file transfers Actions
Feature #4876: Additional FTP Buffers Actions
Feature #4904: dcerpc: add stream app-layer records support Actions
Feature #4905: smtp: add stream app-layer frame support Actions
Feature #4906: ftp: add stream app-layer frame support Actions
Feature #4910: dpdk: implement secondary mode Actions
Feature #4946: nfsv2: implement WRITE support Actions
Feature #4974: Log references to Eve Actions
Feature #4986: pgsql: support frames Actions
Feature #4990: eve/frames: make payload logging configurable Actions
Feature #5029: eve: telnet logger Actions
Feature #5049: detect/frames: allow mixing with txs Actions
Feature #5075: smb: keyword for the SMB version Actions
Feature #5082: smb: keyword for matching the SMB files Actions
Feature #5194: tracking: options for simulating various exceptions Actions
Feature #5203: dpdk: implement primary app for Suricata secondary mode Actions
Feature #5217: ips: allow dropping of flow if applayer specific memcap is hit Actions
Feature #5234: SSL/TLS Sticky Buffer for subjectAltName Actions
Feature #5286: ips: allow dropping of packet/flow when alert queue exceeded Actions
Feature #5415: tftp: support keywords such as file.name, file.data etc... Actions
Feature #5446: allow ranges in dns.opcode value Actions
Feature #5466: detect: allow alert-then-pass logic Actions
Feature #5489: research: multi version rules; or version dependent rules Actions
Feature #5495: implement grace period for midstream exception policy Actions
Feature #5640: frames: tx frames Actions
Feature #5642: DNS: parity between log fields and detection Actions
Feature #5646: rules: allow matching on flow pkts and bytes Actions
Feature #5647: rules: mark flow as elephant flow Actions
Feature #5664: "Scope" bits should have an expiration Actions
Feature #5665: rules: bidirectional transaction matching Actions
Feature #5692: Add brotli content encoding to HTTP/1.1 Actions
Feature #5726: ike: add frame support Actions
Feature #5743: http2: add frame support Actions
Feature #5773: Support DNS over HTTPS (DoH) Actions
Feature #5775: http.headers - dynamic sticky buffers Actions
Feature #5816: Exception policy stats counters Actions
Feature #5826: frames: logging of events set on frames Actions
Feature #5838: dpdk: NIC encapsulation stripping Actions
Feature #5839: dpdk: power saving mode Actions
Feature #5845: smb: Support SMB_COM_SESSION_SETUP_ANDX Request Actions
Feature #5972: rules: "requires" keyword representing the minimum version of suricata to support the rule Actions
Feature #5973: warn when HTTP rules will only work for a specific version of HTTP Actions
Feature #5974: Midstream exception policy "reject-both" support Actions
Feature #5976: eve/stats: allow hiding counters whose value is 0 Actions
Feature #6079: eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs Actions
Feature #6090: eve/alert: missing dcerpc metadata Actions
Feature #6114: dpdk: wrap DPDK logs in a Suricata logger Actions
Feature #6164: detect: new keyword flow.pkts_toclient to server and bytes as well Actions
Feature #6210: outputs: add verdict event type Actions
Feature #6215: Exception policy log output Actions
Feature #6237: Multi-tenancy: Allow inner VLAN to be selected Actions
Feature #6259: pgsql: add `query` detection keyword Actions
Feature #6260: Support flow matching excluding packet recursion level Actions
Feature #6261: Add GRE as a parsible protocol Actions
Feature #6290: support case insensitive testing of HTTP header name existence Actions
Feature #6293: Support disabling forced flow reuse in low memory conditions Actions
Feature #6366: pop3 protocol detection Actions
Feature #6368: stream/midstream: wscale setting Actions
Feature #6374: Sticky buffers for sip headers Actions
Feature #6379: JA4 support for TLS and QUIC Actions
Feature #6396: Add protocol string support for mqtt Actions
Feature #6399: Per-thread stats values can be negative Actions
Feature #6422: dpdk: expand on DPDK allocation hints Actions
Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present Actions
Feature #6426: HTTP/2 - app-layer-event and normalization when userinfo is in the :authority pseudo header for the http.host header Actions
Feature #6439: New Transformation: to_lowercase Actions
Feature #6455: txbits: support for new type of bits Actions
Feature #6459: filebits: support for new type of bits Actions
Feature #6480: plugins: allow plugins to specify the version of suricata they are for Actions
Feature #6487: transform: from_base64 Actions
Feature #6496: dns: new detection buffer: dns.answer.name Actions
Feature #6497: dns: new detection buffer: dns.query.name Actions
Feature #6546: transformation - strip_pseudo_headers Actions
Feature #6550: profiling/rules: allow enabling profiling for pcap file runs Actions
Feature #6621: dns: add keyword for dns rcode: dns.rcode Actions
Feature #6624: http/2: event on :authority vs Host header mismatch Actions
Feature #6627: SDP protocol: parser and logger Actions
Feature #6637: requires: add skipped rules to stats Actions
Feature #6645: detect: integer parsed with hexadecimal notation Actions
Feature #6646: detect: integer: support negated ranges Actions
Feature #6647: detect: integers: support for enumerations Actions
Feature #6648: detect: integer: support bitmasks Actions
Feature #6666: dns: add keyword for dns rrtype: dns.rrtype Actions
Feature #6723: detect: review existing keywords for usage of enumerations Actions
Feature #6724: detect: review existing keywords for usage of bitflags Actions
Feature #6729: websockets: support over HTTP/2 Actions
Feature #6739: dpdk: warn the user if user-settings are adjusted to the device capabilities Actions
Feature #6788: Decouple stream.bypass dependency from TLS encrypted bypass Actions
Feature #6805: cpu-affinity: enhance CPU affinity logic with per-interface NUMA preferences Actions
Feature #6822: threshold: support tracking by flow Actions
Feature #6827: arp: implement decoder and logger Actions
Feature #6856: http: anomaly when request line is missing protocol Actions
Feature #6857: iprep: support seeing if rule is part of a rep list Actions
Feature #6927: dpdk: add unit tests for threading and mempool cache size functions Actions
Feature #6936: landlock: enable by default Actions
Feature #6939: lua: incremement stat when a lua rule exhausts its instruction count Actions
Feature #6943: pcap: datalink type 229 not (yet) supported in module PcapFile Actions
Feature #6967: multi-tenancy: support thresholding per tenant Actions
Feature #6996: add transformation to keyword performance stats Actions
Feature #6999: output/json: enrich EVE w/ libmaxminddb geoip info Actions
Feature #7036: DPDK NUMA setup: choose correct CPUs from worker-cpu-set Actions
Feature #7045: tls-store: add support client certs Actions
Feature #7047: eve: add ip version field Actions
Feature #7051: websocket: data frame Actions
Feature #7055: tls: log ALPN Actions
Feature #7068: protocol support: STUN Actions
Feature #7069: config/eve: magic toggle to enable all types Actions
Feature #7070: eve: internal state output facility Actions
Feature #7073: lua: expose hashing functions (md5/sha1/sha256) Actions
Feature #7074: lua: expose base64 functions Actions
Feature #7092: frames: support rules with multiple different frames Actions
Feature #7098: Payload length field in JSON Actions
Feature #7108: tls: ALPN keyword Actions
Feature #7109: app-layer: stop generating anomalies after gap in the flow Actions
Feature #7117: dpdk: hardware timestamping for packets Actions
Feature #7120: threshold: add backoff type Actions
Feature #7125: threshold: by_src, by_dst, by_both should support vlan separation Actions
Feature #7170: hyperscan: Cache Hyperscan databases to disk to speed up the startup Actions
Optimization #426: threshold: rule based thresholding data structure improvement Actions
Optimization #2272: Analyze DNS response if query is not present Actions
Optimization #2621: Convert setup scripts from sh/ed/sed to Python. Actions
Optimization #3427: Issue warning/info msg upon datasets of type string that are not base64 Actions
Optimization #3449: output calls fflush very often Actions
Optimization #3540: krb5: use app-layer incomplete support Actions
Optimization #3707: Convert JSON Loggers to JsonBuilder Actions
Optimization #3766: Convert Stats to JsonBuilder Actions
Optimization #3827: clean up logging initialization code Actions
Optimization #4490: rust: see if we can use SuricataStreamingBufferConfig Actions
Optimization #4517: cbindgen export the constants from Rust to C, also for macro such as BIT_U8(1), and remove duplicate definitions between rust and C Actions
Optimization #4747: app-layer: make tx iterator a mandatory part of the API Actions
Optimization #4753: lua: fix inconsistency in the init "needs" key Actions
Optimization #4937: Convert Rule Profile JSON output to JsonBuilder Actions
Optimization #4950: Code improvement in KRB5State.parse function Actions
Optimization #4987: frames: unify handling of getting frame data, flags Actions
Optimization #5047: sip: implement pattern based protocol detection Actions
Optimization #5180: detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded Actions
Optimization #5207: Common Rust parser for *bits Actions
Optimization #5311: ftp: use unsigned integer for input_len Actions
Optimization #5476: decoder: compact & flexible storage of decoder data in the packet Actions
Optimization #5517: decode: big clean up (macros and functions) Actions
Optimization #5566: pgsql: add events Actions
Optimization #5672: smb: avoid unbounded hash maps Actions
Optimization #5699: dcerpc: switch to incomplete api for tcp Actions
Optimization #5787: detect/filestore: optimize http tx handling Actions
Optimization #6001: investigate: optional/configurable stats log verbosity Actions
Optimization #6002: stats/exception: allow configuring verbosity via unix socket Actions
Optimization #6061: cmdline: make --list-runmodes output friendlier Actions
Optimization #6111: defrag: avoid passing null pointers to functions Actions
Optimization #6188: ConfYamlLoadString: handle allocation failures Actions
Optimization #6225: exception: standardize log message about set-up value Actions
Optimization #6387: mqtt: move parser registration code to the rust side Actions
Optimization #6433: packetpool: improve return sync logic Actions
Optimization #6454: Force os to release memory on rule reload Actions
Optimization #6502: schema: avoid - and . in keys Actions
Optimization #6569: threading: fix condition signalling w/o taking lock first Actions
Optimization #6572: runmodes: fix `--list-runmodes` output Actions
Optimization #6575: detect/multi-buffer: use single definition of struct PrefilterMpmKrb5Name Actions
Optimization #6702: streaming-buffer: Explore Rank Balanced trees Actions
Optimization #6703: detect-engine/port: Explore Rank Balanced trees for post grouping uses Actions
Optimization #6704: CI: expand check for pcapng; also check `-nanosecond` Actions
Optimization #6718: detect/frames: avoid rescanning in IPS mode Actions
Optimization #6728: detect: prefilter for events (decode, stream, app-layer, etc...) Actions
Optimization #6773: app-layer/template: no limit on txs number Actions
Optimization #6775: detect: do not run tx detection on tcp non established packets Actions
Optimization #6792: detect/port: port grouping is quite slow in worst cases Actions
Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing time Actions
Optimization #6821: smtp: add 535 code Actions
Optimization #6852: mpm/ac: support endswith Actions
Optimization #6873: byte_extract: convert keyword/option parsing to Rust Actions
Optimization #6937: compile: make code clean with -Wunused-macros Actions
Optimization #6938: packet: optimize packet data storage Actions
Optimization #6960: fuzz: target to test signatures compatibility Actions
Optimization #7002: detect: move pseudo packet checks out of keyword Match funcs Actions
Optimization #7018: dns/tcp: allow triggering raw stream reassembly Actions
Optimization #7026: app-protos: trigger raw stream reassembly Actions
Optimization #7044: applayer: clean up truncate callbacks and logic Actions
Optimization #7065: base64: move the decoder to rust Actions
Optimization #7076: pgsql: trigger raw stream reassembly when tx completed Actions
Optimization #7089: rust transaction iterator runs a useless iteration of the loop Actions
Optimization #7155: pcap: use larger read size buffer for a performance increase Actions
Optimization #7178: rfb: rustify keywords and app-layer registration Actions
Task #2693: tracking: libsuricata Actions
Task #3153: tracking: scan-build warnings Actions
Task #3166: src code file reorg Actions
Task #3334: rust: cleanup registration of C function pointers in SuricataContext Actions
Task #3343: tracking: developer documentation Actions
Task #3836: Formatting rust code Actions
Task #4082: ftp: convert parser to Rust Actions
Task #4098: smtp: convert parser to Rust Actions
Task #4103: plugins: convert DNS to use the plugin API Actions
Task #4105: plugins: Create template capture source plugin Actions
Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools Actions
Task #4143: tracking: file.data improvements Actions
Task #4429: libsuricata: Use cases with examples Actions
Task #4683: detect: remove sigmatch_table in favor of a dynamic storage option Actions
Task #4698: Example program to bootstrap Suricata (an alternate main() for Suricata) Actions
Task #4704: unix-socket: separate functionality from the unix socket interface Actions
Task #4707: detect: unify internal buffer names to use <proto>.<buffer> naming Actions
Task #4742: Make the auto-generated config.h not conflict with other config.h. Actions
Task #4773: research: IPS behavior wrt resource limits Actions
Task #4799: af-packet: review iface up/down logic Actions
Task #4919: Add option to change sensor-name log field Actions
Task #5050: rules/frames: settle on rule syntax Actions
Task #5053: app-layer: dynamic alproto IDs Actions
Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature Actions
Task #5472: tracking: upgrading from 7 to 8 Actions
Task #5510: stream (midstream): investigate - Suri drops flow but still logs second packet of the flow Actions
Task #5560: dpdk: Design a test-case for Suricata running as a secondary process Actions
Task #5588: ips/tap: don't allow mixed tap and ips modes Actions
Task #5610: tracking: new protocol: telnet Actions
Task #5626: doc: document file.data Actions
Task #5682: tracking: smb performance issues Actions
Task #5827: [investigate] output/drop: make `drop reason` more informative Actions
Task #5840: dpdk: Design test cases for DPDK capture interface Actions
Task #6028: c: C11 _s style buffer handling calls Actions
Task #6029: c: require C11 Actions
Task #6050: base64: make a fuzz target Actions
Task #6107: Convert unittests to new FAIL/PASS API - util-memcmp.c Actions
Task #6209: libhtp 0.5.46 Actions
Task #6217: research: increased tcp.overlap after file data changes Actions
Task #6258: misc: clean-up commented out code Actions
Task #6262: tracking: reduce stack usage Actions
Task #6273: misc: clean up left over printf calls Actions
Task #6308: detect/analyzer: add more keyword details Actions
Task #6309: detect/analyzer: add more details for the flowbits keyword Actions
Task #6353: detect/analyzer: add more details for the tcp seq keyword Actions
Task #6354: detect/analyzer: add more details for the tcp ack keyword Actions
Task #6355: detect/analyzer: add more details for the tcp.mss keyword Actions
Task #6382: Add DPDK 23.11 build to Github Actions Actions
Task #6427: runmodes: remove reference to auto modes Actions
Task #6432: tracking: autofp capture stalls due to packetpool depletion Actions
Task #6474: detect: smtp body inspection keyword Actions
Task #6485: [investigate] Scoring method for keywords and transforms Actions
Task #6488: plugins: add example plugins to the suricata source tree Actions
Task #6489: test/stream/tcp-list: fix unittests Actions
Task #6542: logging: deprecate tls-log Actions
Task #6543: logging: deprecate http-log Actions
Task #6544: logging: deprecate syslog Actions
Task #6545: tls-store: unify with file-store Actions
Task #6573: rust: set new minimum Rust version for Suricata 8 Actions
Task #6576: pgsql: log identifier for unknown messages? Actions
Task #6577: pgsql: add cancel request message Actions
Task #6586: mpm/ac-bs: remove implementation Actions
Task #6603: pgsql: don't log password msg if password disabled Actions
Task #6605: flash decompression: update/remove deprecation warnings Actions
Task #6684: pcap-log: remove sguil mode Actions
Task #6712: remove completely nss Actions
Task #6748: doc: mention X710 RX descriptor limitation Actions
Task #6769: libhtp 0.5.47 Actions
Task #6814: libsuricata: opt-in signal handling Actions
Task #6817: rust: kerberos-parser 0.8.0 Actions
Task #6818: rust: snmp-parser 0.10.0 Actions
Task #6819: tracking: rust: update dependencies for 8 Actions
Task #6849: brainstorm: should certain ouput types be removed (eg syslog) Actions
Task #6888: Remove obsolete items from contrib Actions
Task #6917: [investigate] exceptions: are drop reasons unique to policies? Actions
Task #6929: eve/stats: hide zero-values for counters individually Actions
Task #6941: lua: review and document lua rule return types Actions
Task #6951: tracking: nfs performance issues Actions
Task #6961: lua create: use a rust crate to vendor lua Actions
Task #6962: yaml: unify 0 stats counter config option terminology Actions
Task #6965: libhtp 0.5.48 Actions
Task #6968: decode: unify decode thread module with receive thread module Actions
Task #7030: arp: make arp opcodes into enum Actions
Task #7058: fuzz/base64: check decoded strings for correctness in strict mode Actions
Task #7061: content-inspect: expand accepted range of depth/offset/distance & related Actions
Task #7071: core/rust: use Direction enum for raw parser trigger fn Actions
Task #7079: rust: unify rust ffi style Actions
Task #7130: rust: dependency "time" fails to build on Rust nightly Actions
Task #7151: plugins: add template app-layer plugin Actions
Task #7152: plugins: add template logger plugin Actions
Task #7154: plugins: add template detection plugin Actions
Task #7162: pfring: move into bundled plugin Actions
Task #7165: napatech: move into bundled plugin Actions
Task #7167: dns: make the version field in a dns object required Actions
Documentation #2620: Documentation: tagged_packets / event_type packet Actions
Documentation #3015: userguide: document "tag" keyword Actions
Documentation #4350: Devguide: transaction handling logic Actions
Documentation #4351: doc: explain the AppLayerParserTriggerRawStreamReassembly logic Actions
Documentation #4352: Devguide: Debugging Basics - pcap_cnt Actions
Documentation #4557: Add document about JsonBuilder Actions
Documentation #4658: Add/improve documentation for pcre substring capture logging Actions
Documentation #4705: userguide: add sections about frame support Actions
Documentation #4708: DevGuide: Add Eve Output Plugins Actions
Documentation #4709: Add page about analyzing Suricata performance Actions
Documentation #4980: doc/frames: document frame rule keyword Actions
Documentation #5008: userguide: add a protocol chart listing defaults Actions
Documentation #5078: suricata config reload: improve documentation on behavior Actions
Documentation #5088: file.name sticky buffer is not documented Actions
Documentation #5138: userguide: add a section for fileinfo eve type Actions
Documentation #5139: userguide: add a section for netflow event type Actions
Documentation #5274: devguide: document how the alert flow works Actions
Documentation #5393: devguide: move github workflow document from redmine into devguide Actions
Documentation #5449: userguide: document how suricata processes rules internally Actions
Documentation #5465: doc/userguide: document terminating behavior of rule actions Actions
Documentation #5485: userguide: explain that the http.header_names buffer is normalized Actions
Documentation #5494: userguide: update tls eve-log fields 'not_before' and 'not_after' Actions
Documentation #5513: userguide: add a chapter for IPS mode Actions
Documentation #5531: userguide: ensure documentation is up to date Actions
Documentation #5532: userguide: have a section to mention and document the various ways stream-depth can be set Actions
Documentation #5534: userguide: better document what TCP midstreams are for Suricata Actions
Documentation #5543: userguide: document which keywords accept the prefilter keyword Actions
Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... Actions
Documentation #5575: docs: bring 'reporting bugs page' into userguide and update it Actions
Documentation #5612: devguide: add a chapter about Suricata's exception policies Actions
Documentation #5651: bsize: format should specify operators Actions
Documentation #5690: userguide: document the differences between IPS and IDS mode Actions
Documentation #5829: userguide: add context on "why/when an exception policy is applied" Actions
Documentation #5830: userguide: update & improve exception policy section Actions
Documentation #5869: userguide: describe what are the delta stats counters Actions
Documentation #5891: userguide: explain different log save directory in offline mode Actions
Documentation #5897: devguide: add section on generating code coverage reports locally Actions
Documentation #5910: devguide: explain possible differences in data inspection with inline stream or not Actions
Documentation #5911: userguide: update & bring guide for installation on Windows to RtD Actions
Documentation #6022: devguide: explain how the engine identifies applayer protocols Actions
Documentation #6026: userguide/suricata-yaml: update image on threading Actions
Documentation #6030: devguide: expand Suricata Internals chapter Actions
Documentation #6058: doc/configuration: clarify sig_id & gid_id for global threshold Actions
Documentation #6069: userguide/install: move RPM distros to their own page Actions
Documentation #6076: eve/schema: document quic Actions
Documentation #6078: eve/schema: document pgsql Actions
Documentation #6180: userguide: add troubleshooting section Actions
Documentation #6219: userguide: add page about different usecases Actions
Documentation #6252: userguide/install: move Ubuntu distros to their own page Actions
Documentation #6270: userguide: document usage of Suricata as a firewall Actions
Documentation #6284: userguide: document what's the impact of `stream.inline` Actions
Documentation #6369: stream: document stream.3whs_syn_flood and stream.3whs_synack_flood Actions
Documentation #6412: devguide: API upgrade notes Actions
Documentation #6434: eve/schema: document stats Actions
Documentation #6442: rtd: indicate that a page is for an outdated version Actions
Documentation #6445: userguide: explain what flow_id is Actions
Documentation #6450: userguide: add section about sshhash Actions
Documentation #6451: userguide: update 'what is suricata' section Actions
Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword Actions
Documentation #6484: userguide: add keyword performance results Actions
Documentation #6486: userguide: explain pkt_on_wrong_thread counter Actions
Documentation #6492: doc: explain how FTP works Actions
Documentation #6495: userguide: add section on SMTP event type Actions
Documentation #6498: userguide/output: add section about fileinfo Actions
Documentation #6552: doc: add tcp timeout fix to upgrade guide Actions
Documentation #6566: userguide: add description for missing EVE krb fields Actions
Documentation #6568: devguide: document backports policies and process Actions
Documentation #6570: remove references in docs mentioning prehistoric Suricata versions Actions
Documentation #6589: docs: fix broken bulleted list style on rtd Actions
Documentation #6599: docs: update eBPF installation instructions Actions
Documentation #6626: devguide: add instructions for MacOS setup Actions
Documentation #6628: userguide: document generic aspects of integer keywords Actions
Documentation #6629: Fix byte_test examples Actions
Documentation #6685: userguide: explain noalert keyword Actions
Documentation #6686: docs: port userguide build instruction changes from master-6.0.x Actions
Documentation #6708: userguide/payload: fix explanation about bsize ranges Actions
Documentation #6725: document pcap file variables Actions
Documentation #6781: http keywords lacking information about values from duplicate headers being concatenated Actions
Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser Actions
Documentation #6908: userguide: document how to verify tar.gz signature Actions
Documentation #6911: manpages: use consistant date based on release and/or git commits Actions
Documentation #6955: devguide: update coding-style docs Actions
Documentation #6998: userguide: add info on how to generate rule-profiling Actions
Documentation #7031: devguide: document SignatureProperties sigtype Actions
Documentation #7078: devguide: document current ffi naming style Actions
Documentation #7081: userguide: add unix socket option to retrieve flow info Actions
Documentation #7149: devguide: document adding a app-layer plugin Actions
Documentation #7150: devguide: document adding a logging plugin Actions
Documentation #7153: devguide: document adding a detection plugin Actions
Documentation #7174: docs: investigate if RtD AddOns will impact our guides Actions
Security #5921: http1: configurable limit for maximum number of live transactions per flow Actions
Security #5926: http2: evasion by splitting header fields over frames Actions
Security #6187: DetectEngineReload: handle allocation failures Actions
Security #6299: mqtt pcap with anomalies takes too long to process because of app-layer-event detection Actions
Security #6411: pgsql: quadratic complexity leads to over consumption of memory Actions
Security #6441: detect: heap use after free with http.request_header keyword Actions
Security #6444: http1: quadratic complexity from infinite folded headers Actions
Security #6477: SMTP: quadratic complexity from unbounded number of transaction per flow Actions
Security #6481: http2: quadratic complexity in find_or_create_tx not bounded by max-tx Actions
Security #6668: ip defrag: final overlapping packet can lead to "hole" in re-assembled data Actions
Security #6669: ip defrag: re-assembly error in bsd policy Actions
Security #6675: ip-defrag: packet can be considered complete even with holes Actions
Security #6757: libhtp: quadratic complexity checking after request line missing protocol Actions
Security #6796: output/filestore: slowdown because of running OutputTxLog on useless packets Actions
Security #6799: ssh: quadratic complexity in overlong banner Actions
Security #6866: eve: excessive ssh long banner logging Actions
Security #6892: http2: oom on copying compressed headers Actions
Security #6900: http2: timeout logging headers Actions
Security #6902: base64: off-by-three overflow in DecodeBase64() Actions
Security #6987: modbus: txs without responses are never freed Actions
Security #7029: http/range: segv when http.memcap is reached Actions

Also available in: TXT