Project

General

Profile

9.0.0-beta1

open

Due in about 13 months (04/06/2027)

34%

593 issues   (183 closed410 open)

Issues by
Bug

70/143
Feature

30/177
Optimization

15/57
Task

48/136
Documentation

17/76
Security

3/4
Related issues
Bug #1412: byte_test checks before byte_extract happens in some cases Actions
Bug #1722: ip rules don't trigger under the context of 'flow:stateless' Actions
Bug #1826: Rule validation bug with fast_pattern:only and specified buffers Actions
Bug #1926: rule parsing: wrong content checked for fast_pattern (snort compatibility) Actions
Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml Actions
Bug #2205: detect: error on content relative to fast_pattern:only Actions
Bug #2978: IRC traffic parsed by FTP Actions
Bug #3083: DROP rule with "noalert" Actions
Bug #3218: detect: wrong matches with ssl_state Actions
Bug #3220: tls: ssl_version keyword negation (!) not working Actions
Bug #3375: tracking: file tracking/inspection performance issues Actions
Bug #4135: dns: response only udp not detected as dns Actions
Bug #4330: file hash parameter in yaml accepts non valid values Actions
Bug #4482: detect: detect events not in rules, not tested (and not working?) Actions
Bug #4522: Rules with stream_size greater than not working Actions
Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulation Actions
Bug #4786: xbits: no error on invalid 'expire' values Actions
Bug #4898: detect: Ensure detection events are logged Actions
Bug #4917: tls: leading GAP in toserver direction leads to various issues Actions
Bug #5031: flowbits - no error on invalid options Actions
Bug #5037: invalid timestamp in ending events Actions
Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 Actions
Bug #5140: nfs: NFS3/NFS2 procedure conflict Actions
Bug #5196: config: test mode should fail when there are invalid config values Actions
Bug #5199: flow/memcap: too low setting causes crash Actions
Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive Actions
Bug #5704: Filestore is not working if landlock is enabled Actions
Bug #5713: eve/tls: version not logged for client hello only session Actions
Bug #6370: plugins: install libsuricata-config by default, or with headers Actions
Bug #6384: rust: configure fails to persistently detect/remember cbindgen location Actions
Bug #6499: tcp.active_sessions and flow.active count will never reduce when using trex Actions
Bug #6591: protodetect: ftp parsed as smtp Actions
Bug #6663: Config rules does not disable logging. Actions
Bug #6743: stream/tcp: spurious retransmission seen as invalid Actions
Bug #6744: tcp: fast open packet not fully handled Actions
Bug #6776: exception/policy: bypass flow incorrect applied? Actions
Bug #6865: stream/reassembly: BUG_ON triggered from AdjustToAcked in debug mode Actions
Bug #6971: defrag: default policy is inconsistent Actions
Bug #6976: flow/action: not updated w pkt + flow:stateless rules Actions
Bug #7009: dpdk: compile warning ‘rte_eth_bond_members_get’ is deprecated Actions
Bug #7133: Could the midstream policy support "drop-packet"? Actions
Bug #7216: stats: drop_reason counters don't support tunneled connections Actions
Bug #7250: tls version match can have incorrect behaviour Actions
Bug #7254: dcerpc: parser does not support multiple PDUs Actions
Bug #7360: BUG_ON triggered from GetLeftEdge Actions
Bug #7376: dpdk: delayed detect won't fully start Suricata until the first traffic Actions
Bug #7378: dpdk: having too few hugepages can lead to segfault on startup Actions
Bug #7389: log: adding too many 'v's cycles back to less verbose mode Actions
Bug #7392: Verdict output reports "drop" when rejected Actions
Bug #7429: detect/ip-only: severe performance degradation of "ip-only" rules with negation Actions
Bug #7442: telnet: frame parser inaccuracies Actions
Bug #7544: eve/alert: verdict reports "alert" when traffic is allowed implicitly/passively Actions
Bug #7546: dcerpc: parser does not take fraglen into account Actions
Bug #7547: dcerpc: parser uses only one header for both directions Actions
Bug #7630: eve/alert: incorrect verdict with pass + alert rule Actions
Bug #7638: detect: incorrect rule ordering with more complex flowbit chains Actions
Bug #7641: pgsql: can the parser handle multi-statement in simple query Actions
Bug #7664: detect: coverity Dereference before null check Actions
Bug #7718: pgsql: fix messages that are skipped (not logged) Actions
Bug #7719: pgsql: fix not parsing of NoticeResponse message Actions
Bug #7720: pgsql: fix not parsing of NotificationResponse msg Actions
Bug #7724: detect: wrong detect behavior for stream keywords no_stream and only_stream Actions
Bug #7753: decoder/vxlan: packet drops with non-zero reserved fields Actions
Bug #7771: flowbits: cyclic dependencies in flowbits are accepted by the engine Actions
Bug #7772: flowbits: no-op set and isset combinations are accepted Actions
Bug #7773: flowbits: no-op unset + isnotset combinations are accepted Actions
Bug #7774: flowbits: invalid set + toggle combinations are accepted Actions
Bug #7817: flowbits: invalid isset and isnotset combinations are accepted Actions
Bug #7818: flowbits: invalid set and unset combinations are accepted Actions
Bug #7829: lua/http: null dereference in accessor functions Actions
Bug #7831: util/affinity: tests are platform dependent Actions
Bug #7841: gre: investigate possible parent flow missing Actions
Bug #7842: base64: base64_data with relative match after base64_decode:relative fails Actions
Bug #7855: anomaly/ether_type: always logged as big endian Actions
Bug #7879: runmode/dpdk: dpdk_vars initialized to NULL for any livedev Actions
Bug #7884: exceptions: handle logging for per-packet policies Actions
Bug #7886: firewall: --firewall-rules-exclusive loads generic td rules as well Actions
Bug #7887: detect/tls: zero characters in keywords such as alt name are mishandled Actions
Bug #7902: output/json: invalid IKE logs Actions
Bug #7905: src: format truncation level 2 warnings Actions
Bug #7950: mime: incorrect decoding of quoted-printable text attachments Actions
Bug #7963: decode/ipv6: pkt_too_small event never set Actions
Bug #7973: detect/files: signatures using file keywords on udp only app protos fail Actions
Bug #7975: dpdk: CPU exclude logic is broken Actions
Bug #7991: http2: wrong parsing of go away frames error code Actions
Bug #7996: tls: certificate SAN is freed in case of any error Actions
Bug #7997: detect: replace keyword leaks memory Actions
Bug #8000: snmp: detection-only setting is broken Actions
Bug #8002: pcap-log: bpf-filter not applied when using multi mode Actions
Bug #8008: unittests: segv in SCSigOrderingTest12 on OpenBSD Actions
Bug #8009: NFSv3: File extraction bug when stable equal with FILE_SYNC Actions
Bug #8010: fragbits: failure to parse existing rules Actions
Bug #8014: flow/timeouts: yaml configured values unused for bypassed Actions
Bug #8015: detect/ip.src: does not load with lua transform Actions
Bug #8028: detect/urilen: invalid ranges silently convert to equals Actions
Bug #8052: python/Makefile: too open file permissions for defaults.py Actions
Bug #8054: src: error retval of VarNameStoreRegister is not handled Actions
Bug #8073: util/time: wrong microseconds computation in TimeDifferenceMicros Actions
Bug #8102: unix-socket: hostbit commands ipv6 parsing issues Actions
Bug #8119: file: wrong hash on small multipart files Actions
Bug #8129: configure: hint for installing bindgen is outdated Actions
Bug #8146: utils-spm-hs: missing deallocators on hs_compile failure Actions
Bug #8153: Double log rotation with rotation flag/interval Actions
Bug #8161: schema: allow `http_request_body` fields Actions
Bug #8166: flowbits: invalid unset + toggle combinations are accepted Actions
Bug #8169: dpdk: DPDK tag inadvertently changes compile architecture Actions
Bug #8172: flow: mac addresses are not swapped Actions
Bug #8173: lua: crash with luaxform and arguments Actions
Bug #8184: Loop counters underflows across codebase Actions
Bug #8205: detect/proto: alproto.enabled config in yaml enables protocol for both udp and tcp Actions
Bug #8206: firewall: loading rules only through yaml fails Actions
Bug #8210: rust: update lru crate to address RUSTSEC-2026-0002 Actions
Bug #8213: dpdk: configured interface cache size not respected Actions
Bug #8215: dpdk: adjust auto-derived mempool size to members count when used with net_bonding driver Actions
Bug #8223: ssh: Hassh enabled by rules even if set to no in suricata.yaml Actions
Bug #8224: detect/app-layer-event: alert generated for the wrong packet Actions
Bug #8243: hyperscan: coverity warning on stat path check Actions
Bug #8248: lua: calling metatable garbage collector with nil from a script leadsd to a null pointer dereference Actions
Bug #8251: dpdk: (x)stats are only accessible before port stop Actions
Bug #8256: detect: http.headers does not work on trailers when it is not fast_pattern Actions
Bug #8257: docs: checks that keywords doc links exist Actions
Bug #8258: ldap: no invalid_data event in case of invalid request Actions
Bug #8259: lib: examples fail with debug validation as they create threads after threads are sealed Actions
Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream Actions
Bug #8271: pfring: StringParseUnt16 function is not found Actions
Bug #8273: dpdk: adjust variable sizes in xstats printing Actions
Bug #8279: build: when documentation tools are install, make dist attempt to install files to prefix Actions
Bug #8300: openbsd: race condition between pledge and pcap directory mode Actions
Bug #8301: dpdk: TX descriptors should be set to positive values >= 64 Actions
Bug #8308: plugins/ndpi: SIGSEGV in DetectnDPIProtocolPacketMatch Actions
Bug #8311: firewall: af-packet IPS mode overwrites firewall mode Actions
Bug #8313: firewall: rule language can't accept ARP Actions
Bug #8318: ndpi: crashing in StorageGetById() Actions
Bug #8325: hs: harden cache manipulation Actions
Bug #8333: detect: false alerts with drop rule using geoip Actions
Bug #8336: tls.encryption-handling: bypass breaks flowbit-dependent JA3/JA3S rules in IDS mode Actions
Bug #8342: libmagic 5.47 cause UT and SV tests to break Actions
Bug #8349: pgsql: disable parser by default Actions
Bug #8355: sip: protocol detection incorrectly matches ssdp traffic Actions
Bug #8368: ldap: add ldap.rules file Actions
Bug #8370: dpdk: "auto" in mempool size undercalculates the mempool size for Rx/Tx descriptors Actions
Bug #8375: smb/dcerpc: use bind context_id to log the right interfaces Actions
Bug #8378: dcerpc: handle multiple bind/alter_context with their context_id to log the right interfaces Actions
Feature #635: output: missing keywords in list-keywords output Actions
Feature #682: Add DEP and ASLR to Windows Binary Actions
Feature #1005: conditional logging: controlling what gets logged Actions
Feature #1542: dump-config - extend into multi-detect supplied yaml configuration Actions
Feature #1954: af-packet: runtime option/flag to disable hardware timestamp support Actions
Feature #1979: TCP/IP packets normalization/scrubbing Actions
Feature #1983: tls: events are directionless and trigger twice per flow direction Actions
Feature #1993: commandline: introduce --enable-all-outputs switch Actions
Feature #2375: Design and implement sensible per-thread capabilities Actions
Feature #2448: dns: additional buffers for DNS Responses Actions
Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_body Actions
Feature #2678: list-keywords: add info about fast_pattern and transforms Actions
Feature #2958: Suricata 5.0.0beta1 and way too much anomaly logging Actions
Feature #3003: filestore to uses rename syscall instead of sendfile,which doesn't allow files to be sent across file systems Actions
Feature #3026: Windows MSI - add in service scripts Actions
Feature #3065: tls_cert_XX keywords date format parsing error Actions
Feature #3236: output: list-keywords does not match on aliases Actions
Feature #3243: POP3 Support Actions
Feature #3338: vxlan: log vni in eve Actions
Feature #3446: app-layer: implement MySQL parser Actions
Feature #3636: eve: configuration options to enable all, none or just a default set of outputs Actions
Feature #3953: 8021BR E packet decoder Actions
Feature #4089: rules: Flexible format transform Actions
Feature #4136: configure: use Suricata-Update managed classification.config Actions
Feature #4153: app-layer: rust derive style macros to generate common code Actions
Feature #4174: tracking: app-layer frame inspection support Actions
Feature #4226: bsize: apply as depth to patterns Actions
Feature #4566: pgsql: add subprotocol-states Actions
Feature #4854: pgsql: Add COPY subprotocol-state Actions
Feature #4855: rules: refactor rule parsing into multi-stage parser Actions
Feature #4861: smb: support multi-stream file transfers Actions
Feature #4876: Additional FTP Buffers Actions
Feature #4906: ftp: add stream app-layer frame support Actions
Feature #4910: dpdk: implement secondary mode Actions
Feature #4946: nfsv2: implement WRITE support Actions
Feature #4965: protocol: SOCKS support Actions
Feature #4986: pgsql: support frames Actions
Feature #4990: eve/frames: make payload logging configurable Actions
Feature #5029: eve: telnet logger Actions
Feature #5044: rules: keyword for "count" of http_header_names Actions
Feature #5049: detect/frames: allow mixing with txs Actions
Feature #5194: tracking: options for simulating various exceptions Actions
Feature #5203: dpdk: implement primary app for Suricata secondary mode Actions
Feature #5217: ips: allow dropping of flow if applayer specific memcap is hit Actions
Feature #5286: ips: allow dropping of packet/flow when alert queue exceeded Actions
Feature #5415: tftp: support keywords such as file.name, file.data etc... Actions
Feature #5495: implement grace period for midstream exception policy Actions
Feature #5576: Dataset is setting data despite the signature being a complete match Actions
Feature #5640: frames: tx frames Actions
Feature #5642: DNS: parity between log fields and detection Actions
Feature #5664: "Scope" bits should have an expiration Actions
Feature #5726: ike: add frame support Actions
Feature #5775: rules: http.headers - dynamic sticky buffers Actions
Feature #5826: frames: logging of events set on frames Actions
Feature #5838: dpdk: NIC encapsulation stripping Actions
Feature #5845: smb: Support SMB_COM_SESSION_SETUP_ANDX Request Actions
Feature #5973: warn when HTTP rules will only work for a specific version of HTTP Actions
Feature #5974: flow: midstream exception policy "reject-both" support Actions
Feature #6063: exception-policy: stream async policy Actions
Feature #6091: eve/alert: missing dhcp metadata Actions
Feature #6114: dpdk: wrap DPDK logs in a Suricata logger Actions
Feature #6210: outputs: add verdict event type Actions
Feature #6214: multi-tenant: suricatasc command with parity with non-tenant commands for rules Actions
Feature #6216: http: HHHash support Actions
Feature #6237: Multi-tenancy: Allow inner VLAN to be selected Actions
Feature #6261: Add GRE as a parsible protocol Actions
Feature #6293: Support disabling forced flow reuse in low memory conditions Actions
Feature #6368: stream/midstream: wscale setting Actions
Feature #6399: Per-thread stats values can be negative Actions
Feature #6409: lua: add HTTP/2 lib Actions
Feature #6422: dpdk: expand on DPDK allocation hints Actions
Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present Actions
Feature #6459: filebits: support for new type of bits Actions
Feature #6472: HTTP/3 support Actions
Feature #6651: quic: detect on non-standard ports Actions
Feature #6693: detect/byte_jump: add support for bitmask option Actions
Feature #6723: detect: review existing keywords for usage of enumerations Actions
Feature #6724: detect: review existing keywords for usage of bitflags Actions
Feature #6729: websockets: support over HTTP/2 Actions
Feature #6831: rules: support extraction of bytes of non-numeric values Actions
Feature #6927: dpdk: add unit tests for threading and mempool cache size functions Actions
Feature #6936: landlock: enable by default Actions
Feature #6956: mqtt: create PDU frames without regard to the parsing function Actions
Feature #6996: add transformation to keyword performance stats Actions
Feature #6999: output/json: enrich EVE w/ libmaxminddb geoip info Actions
Feature #7062: redis: support authenticating against a redis server Actions
Feature #7068: protocol support: STUN Actions
Feature #7070: eve: internal state output facility Actions
Feature #7092: frames: support rules with multiple different frames Actions
Feature #7109: app-layer: stop generating anomalies after gap in the flow Actions
Feature #7117: dpdk: hardware timestamping for packets Actions
Feature #7125: threshold: by_src, by_dst, by_both should support vlan separation Actions
Feature #7177: http1: add frame support Actions
Feature #7211: detect/integers: support a count argument for array of integers Actions
Feature #7245: Add SIMD support for arm64 Actions
Feature #7313: transforms: have option on how to handle failure Actions
Feature #7347: eve/alert: log file_data Actions
Feature #7351: transform/from_base64: Support "relative" offsets Actions
Feature #7354: detect: reimplement ip-only as a per group prefilter Actions
Feature #7399: ipv6: support short notation of ipv6 addresses in output Actions
Feature #7401: yaml: add schema Actions
Feature #7438: detect: add flow.rate keyword Actions
Feature #7470: detect/ldap: add ldap.bind.version keyword Actions
Feature #7480: detect/integers: array of integers should support an optional second argument to specify the index Actions
Feature #7514: rules: add file specific hooks Actions
Feature #7519: dpdk: verify the driver is DPDK-compatible on Intel cards Actions
Feature #7534: detect/ldap: add ldap.request.message_id and ldap.responses.message_id Actions
Feature #7536: detect/ldap: add keywords for LDAP BindRequest Actions
Feature #7537: detect/ldap: add keywords for LDAP SearchRequest Actions
Feature #7538: detect/ldap: keyword ldap.modify_request.operation Actions
Feature #7539: detect/ldap: add keyword ldap.mod_dn_request.new_rdn Actions
Feature #7566: dcerpc: applayer events for anomalous parsing results Actions
Feature #7571: list-keywords should somehow show the multi-buffer keywords Actions
Feature #7586: mime: expose 'headers' as a keyword Actions
Feature #7587: mime: add email.body_md5 keyword Actions
Feature #7600: mime: add rule keywords Actions
Feature #7629: dpdk: support for a hardware-accelerated input drop filter Actions
Feature #7646: pgsql: add CopyBoth subprotocol/mode Actions
Feature #7666: rust: zero-dependency crate suricata-ffi Actions
Feature #7672: detect/transforms: subslice transform Actions
Feature #7674: source/tunnels: config option to distinguish tunnels Actions
Feature #7691: detect: explore code embedded relationships between registered keywords Actions
Feature #7699: firewall: separate stats for ips and firewall Actions
Feature #7711: tracking: detect: add detection hooks to inspect/drop before stateful components Actions
Feature #7717: vxlan: treat as its own tunnel Actions
Feature #7739: github-ci: add PCAP file reading tests Actions
Feature #7768: ips: improve file.data support Actions
Feature #7786: pcap: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts Actions
Feature #7801: Support multi-buffer byte variables Actions
Feature #7816: Add alternative to file magic Actions
Feature #7830: hyperscan: support cache invalidation and removal Actions
Feature #7832: github-ci: add live hyperscan caching tests Actions
Feature #7846: rules/transform: add gunzip transform Actions
Feature #7847: rules: extend byte_extract named variables for use in other keywords/transformations such as xor Actions
Feature #7848: rules: extend pcrexform for use outside of existing suricata buffers Actions
Feature #7871: dpdk: rte_flow capture bypass Actions
Feature #7875: list-keywords should somehow show the integer keywords Actions
Feature #7894: output: log http2.window when needed Actions
Feature #7904: http: support zstd compression Actions
Feature #7928: rules: distinct counting logic Actions
Feature #7929: detect/integers: support optional second argument to specify the index for all keywords Actions
Feature #7955: c: create files with explicit permissions Actions
Feature #7956: rust: create files with explicit permissions Actions
Feature #7979: sslproxy: add support for parsing decrypted traffic Actions
Feature #7986: protocol decoder: l2tpv3 Actions
Feature #7995: pop3: email mime parsing Actions
Feature #8006: nfs: NFSv4 should support 4.1's new enums Actions
Feature #8084: dpdk: in dpdk runmode initialize EAL threads Actions
Feature #8099: multi-tenant: optionally reload tenant rules on SIGUSR2 Actions
Feature #8116: Quic: encryption-handling config parameters Actions
Feature #8117: rules: flow.elephant keyword Actions
Feature #8128: rules/transform: add json_decode transform Actions
Feature #8130: http: http.uri should normalize the + into space as per RFC 1886 Actions
Feature #8138: windivert: Build using WinDivert 2 Actions
Feature #8139: defrag: alert on / reject >=3 layer overlaps Actions
Feature #8174: frames: add --list-frames option Actions
Feature #8179: dcerpc.opnum: doesn't support operators >,<,!,= Actions
Feature #8222: nfs: log detailed response for versions other than v3 Actions
Feature #8225: dpdk: recognize net_pcap driver and stop after no packets are rx_bursted Actions
Feature #8227: hyperscan: test cache creation and pruning in CI Actions
Feature #8250: rules: distinct ip counting logic Actions
Feature #8262: decoder: add IGMP support Actions
Feature #8276: imap: add parser, logger and sticky buffers Actions
Feature #8285: firewall: support iprep in firewall mode Actions
Feature #8286: output/flush: Improve flushing coverage Actions
Feature #8320: dpdk: add Github CI live run tests for DPDK virtual devices Actions
Feature #8322: hs: add pruning stats details of removal reason Actions
Feature #8324: config: aggregate configuration node paths for mpm/spm settings Actions
Feature #8327: detect: add eth.hdr keyword for inspecting ethernet header Actions
Feature #8335: pgsql: add keywords for better detection and coverage Actions
Feature #8361: stream/tcp: add flags keyword Actions
Feature #8385: datasets: add support for subdomain match Actions
Feature #8386: firewall: support HTTP2 hook states for per-frame accept/drop decisions Actions
Feature #8392: firewall: support FTP hook states for firewall rule evaluation Actions
Feature #8393: firewall: support SMTP hook states for firewall rule evaluation Actions
Feature #8394: firewall: support NTP hook states for firewall rule evaluation Actions
Feature #8395: firewall: support SNMP hook states for firewall rule evaluation Actions
Optimization #2621: Convert setup scripts from sh/ed/sed to Python. Actions
Optimization #3540: krb5: use app-layer incomplete support Actions
Optimization #3707: Convert JSON Loggers to JsonBuilder Actions
Optimization #3734: af-packet: better support for csum offload Actions
Optimization #3766: Convert Stats to JsonBuilder Actions
Optimization #4490: rust: see if we can use SuricataStreamingBufferConfig Actions
Optimization #4517: cbindgen export the constants from Rust to C, also for macro such as BIT_U8(1), and remove duplicate definitions between rust and C Actions
Optimization #4747: app-layer: make tx iterator a mandatory part of the API Actions
Optimization #4802: af-packet: remove IPS support for tpacket-v3 Actions
Optimization #4806: af-packet: remove autofp support Actions
Optimization #4873: smb: midstream probing check affects performance Actions
Optimization #4937: Convert Rule Profile JSON output to JsonBuilder Actions
Optimization #4950: Code improvement in KRB5State.parse function Actions
Optimization #4987: frames: unify handling of getting frame data, flags Actions
Optimization #5076: keyword content does not work over reassembled TCP Actions
Optimization #5180: stream/tcp: flag 1st seen pkt w stream established Actions
Optimization #5207: Common Rust parser for *bits Actions
Optimization #5453: af-packet ips: floods packets that should be learned Actions
Optimization #5476: decoder: compact & flexible storage of decoder data in the packet Actions
Optimization #5711: runmodes: Suricata does not hint anything about missing runmode Actions
Optimization #5787: detect/filestore: optimize http tx handling Actions
Optimization #6001: investigate: optional/configurable stats log verbosity Actions
Optimization #6002: stats/exception: allow configuring verbosity via unix socket Actions
Optimization #6061: cmdline: make --list-runmodes output friendlier Actions
Optimization #6188: ConfYamlLoadString: handle allocation failures Actions
Optimization #6225: exception: standardize log message about set-up value Actions
Optimization #6418: detect/parse: rule parser error uses outdated buffer Actions
Optimization #6502: schema: avoid - and . in keys Actions
Optimization #6652: Configuration values trigger error instead of warning messages Actions
Optimization #6654: pgsql: optimize PDU processing logic Actions
Optimization #6703: detect-engine/port: Explore Rank Balanced trees for post grouping uses Actions
Optimization #6704: CI: expand check for pcapng; also check `-nanosecond` Actions
Optimization #6747: dpdk: synchronized CPU stalls on Suricata workers Actions
Optimization #6960: fuzz: target to test signatures compatibility Actions
Optimization #7186: detect: represent direction with enum Actions
Optimization #7263: pgsql: limit tx.responses - configurable? Actions
Optimization #7266: detect/dns-query: clean-up and convert unit tests Actions
Optimization #7371: smb: events/counters for caches getting full Actions
Optimization #7423: eve/json: reduce default memory buffer size; remove double buffering Actions
Optimization #7430: dns: parse more than 255 name segments to find end of name Actions
Optimization #7441: config/port: Misleading message when port string is too long Actions
Optimization #7528: decode: remove duplicate counters tracking unknown ethertype values Actions
Optimization #7585: af-packet: SOF_TIMESTAMPING_RAW_HARDWARE dangerous default leading to incorrect timestamps Actions
Optimization #7650: pgsql: clean up logging Actions
Optimization #7676: flow/manager: prepare for emergency mode earlier Actions
Optimization #7762: rust: finish moving extern C definitions to suricata_sys and bindgen Actions
Optimization #7835: pcap-file: move packet counter to PCAP packet structure Actions
Optimization #7889: detect/integers: move keywords from C to rust Actions
Optimization #7994: pop3: parser improvements Actions
Optimization #8003: rust/sip: Some functions do redundant computing Actions
Optimization #8105: conf: timeout on too many scalar events Actions
Optimization #8187: rust: move extern C definition to suricata-lua-sys and bindgen Actions
Optimization #8254: detect/ssh: move code to rust Actions
Optimization #8255: detect/quic: move code to rust Actions
Optimization #8267: detect/smb: move code to rust Actions
Optimization #8310: detect/ike: move code to rust Actions
Optimization #8391: detect/dcerpc: move code to rust Actions
Task #2693: tracking: libsuricata Actions
Task #3153: tracking: scan-build warnings Actions
Task #3166: src code file reorg Actions
Task #3334: rust: cleanup registration of C function pointers in SuricataContext Actions
Task #3343: tracking: developer documentation Actions
Task #3836: Formatting rust code Actions
Task #4023: Convert unittests to new FAIL/PASS API: detect-engine-address-ipv6.c Actions
Task #4082: ftp: convert parser to Rust Actions
Task #4098: smtp: convert parser to Rust Actions
Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools Actions
Task #4143: tracking: file.data improvements Actions
Task #4161: tls: convert parser to Rust Actions
Task #4429: libsuricata: Use cases with examples Actions
Task #4682: tracking: clean up globals and thread locals Actions
Task #4704: unix-socket: separate functionality from the unix socket interface Actions
Task #4707: detect: unify internal buffer names to use <proto>.<buffer> naming Actions
Task #4773: research: IPS behavior wrt resource limits Actions
Task #4799: af-packet: review iface up/down logic Actions
Task #4919: Add option to change sensor-name log field Actions
Task #4936: Use Rust to parse unix socket messages Actions
Task #5050: rules/frames: settle on rule syntax Actions
Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature Actions
Task #5256: rust: see if we can reduce number of crate deps Actions
Task #5560: dpdk: Design a test-case for Suricata running as a secondary process Actions
Task #5610: tracking: new protocol: telnet Actions
Task #5613: counters: reduce size of data structure Actions
Task #5615: counters: avoid duplicate work Actions
Task #5678: tracking: improve handling of non-IP protocols Actions
Task #5682: tracking: smb performance issues Actions
Task #5827: [investigate] output/drop: make `drop reason` more informative Actions
Task #5840: dpdk: Design test cases for DPDK capture interface Actions
Task #6028: c: C11 _s style buffer handling calls Actions
Task #6029: c: require C11 Actions
Task #6179: tracking: flash decompression deprecation and removal Actions
Task #6184: flash decompression: remove feature Actions
Task #6217: research: increased tcp.overlap after file data changes Actions
Task #6258: misc: clean-up commented out code Actions
Task #6273: misc: clean up left over printf calls Actions
Task #6308: detect/analyzer: add more keyword details Actions
Task #6311: detect/analyzer: add more details for the flowint keyword Actions
Task #6321: Convert unittests to new FAIL/PASS API - decode-raw.c Actions
Task #6323: Convert unittests to new FAIL/PASS API - ippair-bit.c Actions
Task #6324: Convert unittests to new FAIL/PASS API - stream-tcp-reassemble.c Actions
Task #6333: Convert unittests to new FAIL/PASS API - util-rule-vars.c Actions
Task #6336: Convert unittests to new FAIL/PASS API - tests/detect-http-stat-code.c Actions
Task #6338: Convert unittests to new FAIL/PASS API - tests/detect-http-stat-msg.c Actions
Task #6340: Convert unittests to new FAIL/PASS API - tests/detect-http-method.c Actions
Task #6344: Convert unittests to new FAIL/PASS API - detect-pcre.c Actions
Task #6346: Convert unittests to new FAIL/PASS API - detect-engine-dcepayload.c Actions
Task #6351: detect/analyzer: add more details for the xbits keyword Actions
Task #6382: github/actions: add DPDK 23.11 build Actions
Task #6474: detect: smtp body inspection keyword Actions
Task #6476: ftp: parity of logging and detection buffers Actions
Task #6485: [investigate] Scoring method for keywords and transforms Actions
Task #6489: test/stream/tcp-list: fix unittests Actions
Task #6545: tls-store: unify with file-store Actions
Task #6576: pgsql: log identifier for unknown messages? Actions
Task #6849: brainstorm: should certain eve ouput types be removed (eg syslog) Actions
Task #6917: [investigate] exceptions: are drop reasons unique to policies? Actions
Task #6929: eve/stats: make stats API aware of meaningful zero-values Actions
Task #6951: tracking: nfs performance issues Actions
Task #6968: decode: unify decode thread module with receive thread module Actions
Task #7030: arp: make arp opcodes into enum Actions
Task #7061: content-inspect: expand accepted range of depth/offset/distance & related Actions
Task #7071: core/rust: use Direction enum for raw parser trigger fn Actions
Task #7161: detect prefilter: decide to enable it by default for a subset of keywords Actions
Task #7232: http-log: remove Actions
Task #7233: tls-log: remove (deprecated in Suricata 8) Actions
Task #7234: syslog: remove standalone syslog output Actions
Task #7452: ldap: add keywords to match output Actions
Task #7511: engine/analysis: store warnings and debugs in the rule struct Actions
Task #7578: engine/analysis: add info on filestore Actions
Task #7589: eve: deprecate syslog filetype for eve Actions
Task #7590: eve: remove syslog filetype Actions
Task #7627: events/rules: prevent ruleset loading blocks from name fixes Actions
Task #7642: tls: deprecate "default" as an option in encryption-handling node Actions
Task #7721: threading: make the Suricata 7 cpu affinity format obsolete Actions
Task #7737: fast log: add syslog as an file type Actions
Task #7738: ldap: update ldap-parser crate to 0.5.0 and refactor code Actions
Task #7742: ftp: trigger raw stream inspection Actions
Task #7743: http: trigger raw stream inspection Actions
Task #7744: tracking: rust: dependencies for 9.0 Actions
Task #7745: rust: set new minimum Rust version for Suricata 9.0 Actions
Task #7797: detect/alert: log event if discarding lower priority rule Actions
Task #7850: stats: add dedicated counters for firewall mode Actions
Task #7858: schema: allow stream events for stats Actions
Task #7863: smb: trigger raw stream inspection Actions
Task #7880: rust/bendy: update to address RUSTSEC-2020-0036 Actions
Task #7885: build-scopes: add QA or SIMULATION mode Actions
Task #7935: security: review security levels definitions Actions
Task #7952: tracking: CWE-732: File created without restricting permissions Actions
Task #7957: umask: enable by default Actions
Task #7958: ci: Add multi-tenant test Actions
Task #8023: rust: nom 8 Actions
Task #8024: rust: convert dns to nom 8 Actions
Task #8025: rust: convert sip/sdp to nom 8 Actions
Task #8026: rust: convert ftp to nom 8 Actions
Task #8027: rust: convert app-layer template to nom 8 Actions
Task #8036: rust: convert dhcp to nom 8 Actions
Task #8037: rust: convert tftp to nom 8 Actions
Task #8038: rust: convert enip to nom 8 Actions
Task #8039: rust: convert pgsql to nom 8 Actions
Task #8040: rust: convert nfs to nom 8 Actions
Task #8041: rust: convert rfb to nom 8 Actions
Task #8042: rust: convert ssh to nom 8 Actions
Task #8043: rust: convert telnet to nom 8 Actions
Task #8044: rust: convert rdp to nom 8 Actions
Task #8045: rust: convert bt to nom 8 Actions
Task #8046: rust: convert ws to nom 8 Actions
Task #8047: rust: convert mqtt to nom 8 Actions
Task #8048: rust: convert mime to nom 8 Actions
Task #8049: rust: convert http2 to nom 8 Actions
Task #8050: rust: convert ike to nom 8 Actions
Task #8051: rust: convert detect to nom 8 Actions
Task #8078: threading: don't use thread local for packet pool Actions
Task #8086: rust: convert asn1 to nom 8 Actions
Task #8087: rust: convert conf to nom 8 Actions
Task #8088: rust: convert util to nom 8 Actions
Task #8089: rust: convert smb to nom 8 Actions
Task #8090: rust: convert htp to nom 8 Actions
Task #8093: rust: convert dcerpc to nom 8 Actions
Task #8095: libsuricata: expose API for reloading rulesets Actions
Task #8096: libsuricata: add live example usage of the Suricata library Actions
Task #8106: misc: don't use global for SCInstance Actions
Task #8109: libsuricata: allow user to change the name of the program Actions
Task #8127: rust: convert pop3 to nom 8 Actions
Task #8140: rust: convert quic to nom 8 Actions
Task #8147: psl: crate should be updated on every release Actions
Task #8189: dns: deprecate v2 logging Actions
Task #8269: rust: suppress nugatory RUSTSEC-2026-0009 for time crate Actions
Task #8337: capture/napatech: use fixed spacing for stream in thread name Actions
Task #8339: stream/tcp: add counter(s) for stream async Actions
Task #8381: rust: auto-detect suitable rust version in ./configure Actions
Task #8382: rust: update minimum rust version to 1.85 Actions
Task #8387: firewall: Validate and opt-in keywords that emit "has not been tested for firewall rules" warning Actions
Task #8397: firewall: enable content inspect keywords for firewall mode Actions
Documentation #2620: userguide: document tagged_packets / event_type packet Actions
Documentation #3028: No documentation for "pkt_data" keyword Actions
Documentation #4350: doc/devguide: transaction handling logic Actions
Documentation #4352: Devguide: Debugging Basics - pcap_cnt Actions
Documentation #4557: Add document about JsonBuilder Actions
Documentation #4658: Add/improve documentation for pcre substring capture logging Actions
Documentation #4705: userguide: add sections about frame support Actions
Documentation #4708: devguide: Add Eve Output Plugins Actions
Documentation #4709: userguide: Add page about analyzing Suricata performance Actions
Documentation #4980: doc/frames: document frame rule keyword Actions
Documentation #5008: userguide: add a protocol chart listing defaults Actions
Documentation #5030: rules/endswith: doc wrong for offset/distance/within warning Actions
Documentation #5267: Meaning of insert_list_fail counter Actions
Documentation #5274: devguide: document how the alert flow works Actions
Documentation #5465: doc/userguide: document terminating behavior of rule actions Actions
Documentation #5477: Json schema doesn't support thread stats Actions
Documentation #5532: userguide: have a section to mention and document the various ways stream-depth can be set Actions
Documentation #5534: userguide: better document what TCP midstreams are for Suricata Actions
Documentation #5543: userguide: document which keywords accept the prefilter keyword Actions
Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... Actions
Documentation #5575: docs: bring 'reporting bugs page' into userguide and update it Actions
Documentation #5612: devguide: add a chapter about Suricata's exception policies Actions
Documentation #5829: userguide: add context on "why/when an exception policy is applied" Actions
Documentation #5830: userguide: update & improve exception policy section Actions
Documentation #5869: userguide: describe what are the delta stats counters Actions
Documentation #5891: userguide: explain different log save directory in offline mode Actions
Documentation #5897: devguide: add section on generating code coverage reports locally Actions
Documentation #5910: devguide: explain possible differences in data inspection with inline stream or not Actions
Documentation #6026: userguide/suricata-yaml: update image on threading Actions
Documentation #6030: devguide: expand Suricata Internals chapter Actions
Documentation #6058: doc/configuration: clarify sig_id & gid_id for global threshold Actions
Documentation #6075: eve/schema: document http Actions
Documentation #6078: eve/schema: document pgsql Actions
Documentation #6096: eve/app-layer: generate example eve-log for each protocol Actions
Documentation #6097: eve/dhcp: generate example dhcp output Actions
Documentation #6098: eve/dns: generate example dns output Actions
Documentation #6180: userguide: add troubleshooting section Actions
Documentation #6219: userguide: add page about different usecases Actions
Documentation #6369: stream: document stream.3whs_syn_flood and stream.3whs_synack_flood Actions
Documentation #6406: userguide: remove ambiguous "we" usages Actions
Documentation #6412: devguide: API upgrade notes Actions
Documentation #6434: eve/schema: document stats Actions
Documentation #6442: rtd: indicate that a page is for an outdated version Actions
Documentation #6451: userguide: update 'what is suricata' section Actions
Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword Actions
Documentation #6484: userguide: add keyword performance results Actions
Documentation #6486: userguide: explain pkt_on_wrong_thread counter Actions
Documentation #6492: doc: explain how FTP works Actions
Documentation #6495: userguide: add section on SMTP event type Actions
Documentation #6626: devguide: add instructions for MacOS setup Actions
Documentation #6824: doc: Document every parameter of the configure script Actions
Documentation #7174: docs: investigate if RtD AddOns will impact our guides Actions
Documentation #7277: doc/actions: clarify 'pass' scope variations Actions
Documentation #7348: userguide: explain SYSTEM and USER mode Actions
Documentation #7424: devguide: document pseudo packets Actions
Documentation #7580: userguide: add section for negated content Actions
Documentation #7662: userguide: add section for rule hooks Actions
Documentation #7680: userguide: document tx scoped xbits Actions
Documentation #7722: docs: add a glossary chapter Actions
Documentation #7755: doc: document ethtool offloads for common use Actions
Documentation #7793: eve/schema: document stats.decoder counters Actions
Documentation #7840: userguide: document transaction loggers can be registered from a plugin Actions
Documentation #7921: docs: disambiguate 'frame' word usage Actions
Documentation #7937: docs: update backports policy for Suricata 7.0.x Actions
Documentation #7953: doc: umask option not documented Actions
Documentation #8011: userguide: document behavior/support for stream.async-oneside Actions
Documentation #8031: isdataat: document different semantics between absolute and relative modes Actions
Documentation #8035: transform/luaxform: documentation states it supports init function Actions
Documentation #8113: doc: remove mention of suricata-7 in latest docs Actions
Documentation #8135: luaxform: options incorrectly described Actions
Documentation #8137: windivert: Add WinDivert to Windows build instructions Actions
Documentation #8261: doc/userguide: fix within-distance pointer graphics in payload-keywords doc Actions
Documentation #8330: doc: explain dcerpc.opnum doesn't support operators >,<,!,= Actions
Documentation #8344: doc: update Rust install instructions Actions
Documentation #8347: eve-log: modbus not listed in suricata.yaml Actions
Documentation #8372: rules: fix typos/ missing keywords in rule examples Actions
Security #6187: detect: handle allocation failures during rule reload Actions
Security #8021: eve/alert: heap buffer overflow on verdict Actions
Security #8065: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer Actions
Security #8278: krb5: TCP parser never advances past the first record in a multi-record segment Actions

Also available in: TXT