Project

General

Profile

9.0.0-beta1

open

Due in about 11 months (04/06/2027)

38%

652 issues   (226 closed426 open)

Issues by
Bug

87/162
Feature

42/205
Optimization

19/69
Task

56/133
Documentation

18/79
Security

4/4
Related issues
JL Bug #1412: byte_test checks before byte_extract happens in some cases Actions
JF Bug #1722: ip rules don't trigger under the context of 'flow:stateless' Actions
OD Bug #1826: Rule validation bug with fast_pattern:only and specified buffers Actions
OD Bug #1926: rule parsing: wrong content checked for fast_pattern (snort compatibility) Actions
CT Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml Actions
OD Bug #2205: detect: error on content relative to fast_pattern:only Actions
PA Bug #2978: IRC traffic parsed by FTP Actions
JF Bug #3083: DROP rule with "noalert" Actions
OD Bug #3218: detect: wrong matches with ssl_state Actions
PA Bug #3220: tls: ssl_version keyword negation (!) not working Actions
VJ Bug #3375: tracking: file tracking/inspection performance issues Actions
JI Bug #4135: dns: response only udp not detected as dns Actions
JK Bug #4330: file hash parameter in yaml accepts non valid values Actions
JL Bug #4482: detect: detect events not in rules, not tested (and not working?) Actions
VJ Bug #4522: Rules with stream_size greater than not working Actions
VJ Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulation Actions
VJ Bug #4786: xbits: no error on invalid 'expire' values Actions
JL Bug #4898: detect: Ensure detection events are logged Actions
OD Bug #4917: tls: leading GAP in toserver direction leads to various issues Actions
SB Bug #5031: flowbits - no error on invalid options Actions
EL Bug #5037: invalid timestamp in ending events Actions
PA Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 Actions
JS Bug #5140: nfs: NFS3/NFS2 procedure conflict Actions
OD Bug #5196: config: test mode should fail when there are invalid config values Actions
LS Bug #5199: flow/memcap: too low setting causes crash Actions
OD Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive Actions
EL Bug #5704: Filestore is not working if landlock is enabled Actions
VJ Bug #5713: eve/tls: version not logged for client hello only session Actions
JI Bug #6370: plugins: install libsuricata-config by default, or with headers Actions
JI Bug #6384: rust: configure fails to persistently detect/remember cbindgen location Actions
OD Bug #6499: tcp.active_sessions and flow.active count will never reduce when using trex Actions
PA Bug #6591: protodetect: ftp parsed as smtp Actions
VJ Bug #6743: stream/tcp: spurious retransmission seen as invalid Actions
VJ Bug #6744: tcp: fast open packet not fully handled Actions
JF Bug #6776: exception/policy: bypass flow incorrect applied? Actions
VJ Bug #6865: stream/reassembly: BUG_ON triggered from AdjustToAcked in debug mode Actions
OD Bug #6971: defrag: default policy is inconsistent Actions
OD Bug #6976: flow/action: not updated w pkt + flow:stateless rules Actions
LS Bug #7009: dpdk: compile warning ‘rte_eth_bond_members_get’ is deprecated Actions
JF Bug #7133: Could the midstream policy support "drop-packet"? Actions
VJ Bug #7216: stats: drop_reason counters don't support tunneled connections Actions
VJ Bug #7250: tls version match can have incorrect behaviour Actions
PA Bug #7254: dcerpc: parser does not support multiple PDUs Actions
VJ Bug #7360: BUG_ON triggered from GetLeftEdge Actions
LS Bug #7376: dpdk: delayed detect won't fully start Suricata until the first traffic Actions
LS Bug #7378: dpdk: having too few hugepages can lead to segfault on startup Actions
JL Bug #7389: log: adding too many 'v's cycles back to less verbose mode Actions
JF Bug #7392: Verdict output reports "drop" when rejected Actions
SB Bug #7429: detect/ip-only: severe performance degradation of "ip-only" rules with negation Actions
VJ Bug #7442: telnet: frame parser inaccuracies Actions
JF Bug #7544: eve/alert: verdict reports "alert" when traffic is allowed implicitly/passively Actions
SB Bug #7546: dcerpc: parser does not take fraglen into account Actions
PA Bug #7547: dcerpc: parser uses only one header for both directions Actions
JF Bug #7630: eve/alert: incorrect verdict with pass + alert rule Actions
SB Bug #7638: detect: incorrect rule ordering with more complex flowbit chains Actions
JF Bug #7641: pgsql: can the parser handle multi-statement in simple query Actions
PA Bug #7664: detect: coverity Dereference before null check Actions
JF Bug #7718: pgsql: fix messages that are skipped (not logged) Actions
JF Bug #7719: pgsql: fix not parsing of NoticeResponse message Actions
JF Bug #7720: pgsql: fix not parsing of NotificationResponse msg Actions
OD Bug #7724: detect: wrong detect behavior for stream keywords no_stream and only_stream Actions
FZ Bug #7753: decoder/vxlan: packet drops with non-zero reserved fields Actions
SB Bug #7771: flowbits: cyclic dependencies in flowbits are accepted by the engine Actions
SB Bug #7772: flowbits: no-op set and isset combinations are accepted Actions
SB Bug #7773: flowbits: no-op unset + isnotset combinations are accepted Actions
SB Bug #7774: flowbits: invalid set + toggle combinations are accepted Actions
JL Bug #7814: detect/entropy: entropy values can be overwritten Actions
SB Bug #7817: flowbits: invalid isset and isnotset combinations are accepted Actions
SB Bug #7818: flowbits: invalid set and unset combinations are accepted Actions
JI Bug #7829: lua/http: null dereference in accessor functions Actions
LS Bug #7831: util/affinity: tests are platform dependent Actions
JF Bug #7841: gre: investigate possible parent flow missing Actions
VJ Bug #7842: base64: base64_data with relative match after base64_decode:relative fails Actions
JL Bug #7855: anomaly/ether_type: always logged as big endian Actions
AK Bug #7879: runmode/dpdk: dpdk_vars initialized to NULL for any livedev Actions
JF Bug #7884: exceptions: handle logging for per-packet policies Actions
SB Bug #7886: firewall: --firewall-rules-exclusive loads generic td rules as well Actions
SB Bug #7887: detect/tls: zero characters in keywords such as alt name are mishandled Actions
JI Bug #7902: output/json: invalid IKE logs Actions
VJ Bug #7905: src: format truncation level 2 warnings Actions
PA Bug #7950: mime: incorrect decoding of quoted-printable text attachments Actions
JF Bug #7963: decode/ipv6: pkt_too_small event never set Actions
PA Bug #7973: detect/files: signatures using file keywords on udp only app protos fail Actions
LS Bug #7975: dpdk: CPU exclude logic is broken Actions
PA Bug #7991: http2: wrong parsing of go away frames error code Actions
SB Bug #7996: tls: certificate SAN is freed in case of any error Actions
VJ Bug #7997: detect: replace keyword leaks memory Actions
HL Bug #8000: snmp: detection-only setting is broken Actions
VJ Bug #8002: pcap-log: bpf-filter not applied when using multi mode Actions
VJ Bug #8008: unittests: segv in SCSigOrderingTest12 on OpenBSD Actions
OD Bug #8009: NFSv3: File extraction bug when stable equal with FILE_SYNC Actions
PA Bug #8010: fragbits: failure to parse existing rules Actions
AB Bug #8014: flow/timeouts: yaml configured values unused for bypassed Actions
JL Bug #8015: detect/ip.src: does not load with lua transform Actions
PA Bug #8028: detect/urilen: invalid ranges silently convert to equals Actions
AD Bug #8052: python/Makefile: too open file permissions for defaults.py Actions
SB Bug #8054: src: error retval of VarNameStoreRegister is not handled Actions
CT Bug #8073: util/time: wrong microseconds computation in TimeDifferenceMicros Actions
VJ Bug #8102: unix-socket: hostbit commands ipv6 parsing issues Actions
AS Bug #8115: Log rotation doesn't work during zero traffic Actions
PA Bug #8119: file: wrong hash on small multipart files Actions
PC Bug #8129: configure: hint for installing bindgen is outdated Actions
SZ Bug #8146: utils-spm-hs: missing deallocators on hs_compile failure Actions
AS Bug #8153: Double log rotation with rotation flag/interval Actions
EL Bug #8161: schema: allow `http_request_body` fields Actions
SB Bug #8166: flowbits: invalid unset + toggle combinations are accepted Actions
LS Bug #8169: dpdk: DPDK tag inadvertently changes compile architecture Actions
GL Bug #8172: flow: mac addresses are not swapped Actions
VJ Bug #8173: lua: crash with luaxform and arguments Actions
SZ Bug #8184: Loop counters underflows across codebase Actions
SB Bug #8205: detect/proto: alproto.enabled config in yaml enables protocol for both udp and tcp Actions
VJ Bug #8206: firewall: loading rules only through yaml fails Actions
VJ Bug #8210: rust: update lru crate to address RUSTSEC-2026-0002 Actions
LS Bug #8213: dpdk: configured interface cache size not respected Actions
LS Bug #8215: dpdk: adjust auto-derived mempool size to members count when used with net_bonding driver Actions
PA Bug #8223: ssh: Hassh enabled by rules even if set to no in suricata.yaml Actions
PA Bug #8224: detect/app-layer-event: alert generated for the wrong packet Actions
LS Bug #8243: hyperscan: coverity warning on stat path check Actions
JI Bug #8248: lua: calling metatable garbage collector with nil from a script leadsd to a null pointer dereference Actions
LS Bug #8251: dpdk: (x)stats are only accessible before port stop Actions
PA Bug #8256: detect: http.headers does not work on trailers when it is not fast_pattern Actions
PA Bug #8257: docs: checks that keywords doc links exist Actions
GL Bug #8258: ldap: no invalid_data event in case of invalid request Actions
JI Bug #8259: lib: examples fail with debug validation as they create threads after threads are sealed Actions
SB Bug #8266: detect: erroneous alerts due to inconsistency between applayer and stream Actions
JI Bug #8271: pfring: StringParseUnt16 function is not found Actions
LS Bug #8273: dpdk: adjust variable sizes in xstats printing Actions
JI Bug #8279: build: when documentation tools are install, make dist attempt to install files to prefix Actions
VJ Bug #8300: openbsd: race condition between pledge and pcap directory mode Actions
LS Bug #8301: dpdk: TX descriptors should be set to positive values >= 64 Actions
VJ Bug #8308: plugins/ndpi: SIGSEGV in DetectnDPIProtocolPacketMatch Actions
VJ Bug #8311: firewall: af-packet IPS mode overwrites firewall mode Actions
VJ Bug #8313: firewall: rule language can't accept ARP Actions
AA Bug #8318: ndpi: crashing in StorageGetById() Actions
LS Bug #8325: hs: harden cache manipulation Actions
PA Bug #8333: detect: false alerts with drop rule using geoip Actions
PA Bug #8336: tls.encryption-handling: bypass breaks flowbit-dependent JA3/JA3S rules in IDS mode Actions
VJ Bug #8342: libmagic 5.47 cause UT and SV tests to break Actions
JF Bug #8349: pgsql: disable parser by default Actions
GL Bug #8355: sip: protocol detection incorrectly matches ssdp traffic Actions
GL Bug #8368: ldap: add ldap.rules file Actions
LS Bug #8370: dpdk: "auto" in mempool size undercalculates the mempool size for Rx/Tx descriptors Actions
PA Bug #8375: smb/dcerpc: use bind context_id to log the right interfaces Actions
PA Bug #8378: dcerpc: handle multiple bind/alter_context with their context_id to log the right interfaces Actions
VJ Bug #8390: firewall: reject action to send TCP RST / ICMP unreachable Actions
PA Bug #8410: http2: response_frame_size is never set Actions
PA Bug #8421: snmp: snmp-event.rules file is missing Actions
AK Bug #8440: capture-bypass: flow statistics of bypassed flows lost during shutdown Actions
AK Bug #8442: capture-bypass: worker timeout of flows causes statistics inconsistencies Actions
VJ Bug #8444: firewall: accept:flow at app-layer hook bypasses app:td (IDS/IPS) evaluation Actions
PA Bug #8451: http2: http.host does not match as soon as possible Actions
PA Bug #8454: doh2: FN with rulesets combining dns rules and http2 rules Actions
OD Bug #8457: dcerpc.iface keyword matches any interface if PFC_FIRST_FRAG is missing in the BIND request Actions
JI Bug #8465: config: use after free when include sequence redefines parent of dotted key Actions
AK Bug #8473: BypassManager checks registration of BypassedCheckFuncInit instead of BypassedCheckFunc Actions
JL Bug #8489: ftp: the "too many transactions" event isn't raised Actions
VJ Bug #8495: firewall: ruleset can skip hook if only later rules are present Actions
VJ Bug #8497: firewall: limit packet scope to UDP app-layer Actions
SP Bug #8500: reputation: useless code leads to buffer underflow Actions
PA Bug #8501: detect/dns: dns.*.rrname keywords do not work with "alert udp" prefix Actions
SP Bug #8505: detect-engine-analyzer: use of free()'d memory in engine-analysis mode when engine-analysis is turned off Actions
GL Bug #8524: sip: sip-event.rules file is missing Actions
PA Feature #635: output: missing keywords in list-keywords output Actions
PM Feature #682: Add DEP and ASLR to Windows Binary Actions
VJ Feature #1005: conditional logging: controlling what gets logged Actions
JI Feature #1542: dump-config - extend into multi-detect supplied yaml configuration Actions
VJ Feature #1954: af-packet: runtime option/flag to disable hardware timestamp support Actions
VJ Feature #1979: TCP/IP packets normalization/scrubbing Actions
OD Feature #1983: tls: events are directionless and trigger twice per flow direction Actions
OD Feature #1993: commandline: introduce --enable-all-outputs switch Actions
OD Feature #2375: Design and implement sensible per-thread capabilities Actions
JI Feature #2448: dns: additional buffers for DNS Responses Actions
PA Feature #2487: rules: buffers for field/value pairs in http.uri and http.client_body Actions
OD Feature #2678: list-keywords: add info about fast_pattern and transforms Actions
JL Feature #2958: Suricata 5.0.0beta1 and way too much anomaly logging Actions
JI Feature #3003: filestore to uses rename syscall instead of sendfile,which doesn't allow files to be sent across file systems Actions
PM Feature #3026: Windows MSI - add in service scripts Actions
PA Feature #3065: tls_cert_XX keywords date format parsing error Actions
OD Feature #3236: output: list-keywords does not match on aliases Actions
AS Feature #3243: POP3 Support Actions
OD Feature #3338: vxlan: log vni in eve Actions
GL Feature #3446: app-layer: implement MySQL parser Actions
OD Feature #3636: eve: configuration options to enable all, none or just a default set of outputs Actions
FZ Feature #3953: 8021BR E packet decoder Actions
JL Feature #4082: ftp: convert parser to Rust Actions
JL Feature #4089: rules: Flexible format transform Actions
OD Feature #4098: smtp: convert parser to Rust Actions
JI Feature #4136: configure: use Suricata-Update managed classification.config Actions
JI Feature #4153: app-layer: rust derive style macros to generate common code Actions
OD Feature #4161: tls: convert parser to Rust Actions
VJ Feature #4174: tracking: app-layer frame inspection support Actions
JL Feature #4226: bsize: apply as depth to patterns Actions
JF Feature #4566: pgsql: add subprotocol-states Actions
JI Feature #4782: config: add command to dump all active settings Actions
JF Feature #4854: pgsql: Add COPY subprotocol-state Actions
JI Feature #4855: rules: refactor rule parsing into multi-stage parser Actions
PA Feature #4861: smb: support multi-stream file transfers Actions
JL Feature #4876: Additional FTP Buffers Actions
OD Feature #4906: ftp: add stream app-layer frame support Actions
LS Feature #4910: dpdk: implement secondary mode Actions
OD Feature #4919: Add option to change sensor-name log field Actions
OD Feature #4946: nfsv2: implement WRITE support Actions
VJ Feature #4965: protocol: SOCKS support Actions
JF Feature #4986: pgsql: support frames Actions
OD Feature #4990: eve/frames: make payload logging configurable Actions
OD Feature #5029: eve: telnet logger Actions
PA Feature #5044: rules: keyword for "count" of http_header_names Actions
VJ Feature #5049: detect/frames: allow mixing with txs Actions
VJ Feature #5194: tracking: options for simulating various exceptions Actions
LS Feature #5203: dpdk: implement primary app for Suricata secondary mode Actions
OD Feature #5217: ips: allow dropping of flow if applayer specific memcap is hit Actions
JF Feature #5286: ips: allow dropping of packet/flow when alert queue exceeded Actions
OD Feature #5415: tftp: support keywords such as file.name, file.data etc... Actions
OD Feature #5495: implement grace period for midstream exception policy Actions
PA Feature #5576: Dataset is setting data despite the signature being a complete match Actions
OD Feature #5640: frames: tx frames Actions
JI Feature #5642: DNS: parity between log fields and detection Actions
SB Feature #5664: "Scope" bits should have an expiration Actions
OD Feature #5726: ike: add frame support Actions
PA Feature #5775: rules: http.headers - dynamic sticky buffers Actions
VJ Feature #5826: frames: logging of events set on frames Actions
AK Feature #5838: dpdk: NIC encapsulation stripping Actions
PA Feature #5845: smb: Support SMB_COM_SESSION_SETUP_ANDX Request Actions
OD Feature #5973: warn when HTTP rules will only work for a specific version of HTTP Actions
VJ Feature #5974: flow: midstream exception policy "reject-both" support Actions
MM Feature #6012: dpdk: add support for segmented mbufs Actions
JF Feature #6063: exception-policy: stream async policy Actions
PA Feature #6091: eve/alert: missing dhcp metadata Actions
LS Feature #6114: dpdk: wrap DPDK logs in a Suricata logger Actions
JF Feature #6210: outputs: add verdict event type Actions
OD Feature #6214: multi-tenant: suricatasc command with parity with non-tenant commands for rules Actions
PA Feature #6216: http: HHHash support Actions
JL Feature #6237: Multi-tenancy: Allow inner VLAN to be selected Actions
TW Feature #6261: Add GRE as a parsible protocol Actions
CD Feature #6293: Support disabling forced flow reuse in low memory conditions Actions
VJ Feature #6368: stream/midstream: wscale setting Actions
OD Feature #6399: Per-thread stats values can be negative Actions
PA Feature #6409: lua: add HTTP/2 lib Actions
LS Feature #6422: dpdk: expand on DPDK allocation hints Actions
OD Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present Actions
SB Feature #6459: filebits: support for new type of bits Actions
OD Feature #6472: HTTP/3 support Actions
OD Feature #6474: detect: smtp body inspection keyword Actions
OD Feature #6651: quic: detect on non-standard ports Actions
JL Feature #6693: detect/byte_jump: add support for bitmask option Actions
PA Feature #6723: detect: review existing keywords for usage of enumerations Actions
PA Feature #6724: detect: review existing keywords for usage of bitflags Actions
PA Feature #6729: websocket: support over HTTP/2 Actions
VJ Feature #6831: rules: support extraction of bytes of non-numeric values Actions
LS Feature #6927: dpdk: add unit tests for threading and mempool cache size functions Actions
OD Feature #6936: landlock: enable by default Actions
GL Feature #6956: mqtt: create PDU frames without regard to the parsing function Actions
OD Feature #6996: add transformation to keyword performance stats Actions
JH Feature #6999: output/json: enrich EVE w/ libmaxminddb geoip info Actions
FZ Feature #7062: redis: support authenticating against a redis server Actions
JF Feature #7068: protocol support: STUN Actions
VJ Feature #7070: eve: internal state output facility Actions
VJ Feature #7092: frames: support rules with multiple different frames Actions
OD Feature #7109: app-layer: stop generating anomalies after gap in the flow Actions
JL Feature #7114: from_base64: allow matching on decode error Actions
LS Feature #7117: dpdk: hardware timestamping for packets Actions
OD Feature #7125: threshold: by_src, by_dst, by_both should support vlan separation Actions
PA Feature #7177: http1: add frame support Actions
PA Feature #7211: detect/integers: support a count argument for array of integers Actions
VJ Feature #7245: Add SIMD support for arm64 Actions
JL Feature #7313: transforms: have option on how to handle failure Actions
EL Feature #7347: eve/alert: log file_data Actions
JL Feature #7351: transform/from_base64: Support "relative" offsets Actions
SB Feature #7354: detect: reimplement ip-only as a per group prefilter Actions
JL Feature #7399: ipv6: support short notation of ipv6 addresses in output Actions
JI Feature #7401: yaml: add schema Actions
SB Feature #7438: detect: add flow.rate keyword Actions
OD Feature #7470: detect/ldap: add ldap.bind.version keyword Actions
PA Feature #7480: detect/integers: array of integers should support an optional second argument to specify the index Actions
OD Feature #7514: rules: add file specific hooks Actions
LS Feature #7519: dpdk: verify the driver is DPDK-compatible on Intel cards Actions
OD Feature #7534: detect/ldap: add ldap.request.message_id and ldap.responses.message_id Actions
OD Feature #7536: detect/ldap: add keywords for LDAP BindRequest Actions
OD Feature #7537: detect/ldap: add keywords for LDAP SearchRequest Actions
OD Feature #7538: detect/ldap: keyword ldap.modify_request.operation Actions
OD Feature #7539: detect/ldap: add keyword ldap.mod_dn_request.new_rdn Actions
SB Feature #7566: dcerpc: applayer events for anomalous parsing results Actions
PA Feature #7571: list-keywords should somehow show the multi-buffer keywords Actions
OD Feature #7586: mime: expose 'headers' as a keyword Actions
AD Feature #7587: mime: add email.body_md5 keyword Actions
OD Feature #7600: mime: add rule keywords Actions
AK Feature #7629: dpdk: support for a hardware-accelerated input drop filter Actions
JF Feature #7646: pgsql: add CopyBoth subprotocol/mode Actions
PA Feature #7666: rust: zero-dependency crate suricata-ffi Actions
JL Feature #7672: detect/transforms: subslice transform Actions
PA Feature #7674: source/tunnels: config option to distinguish tunnels Actions
LS Feature #7691: detect: explore code embedded relationships between registered keywords Actions
JF Feature #7699: firewall: separate stats for ips and firewall Actions
VJ Feature #7711: tracking: detect: add detection hooks to inspect/drop before stateful components Actions
PA Feature #7717: vxlan: treat as its own tunnel Actions
LS Feature #7739: github-ci: add PCAP file reading tests Actions
VJ Feature #7768: ips: improve file.data support Actions
OD Feature #7786: pcap: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts Actions
JL Feature #7801: rules: support multi-buffer byte variables Actions
EL Feature #7816: Add alternative to file magic Actions
LS Feature #7830: hyperscan: support cache invalidation and removal Actions
LS Feature #7832: github-ci: add live hyperscan caching tests Actions
PA Feature #7846: rules/transform: add gunzip transform Actions
JL Feature #7847: rules: extend byte_extract named variables for use in other keywords/transformations such as xor Actions
VJ Feature #7848: rules: extend pcrexform for use outside of existing suricata buffers Actions
AK Feature #7871: dpdk: rte_flow capture bypass Actions
PA Feature #7875: list-keywords should somehow show the integer keywords Actions
OD Feature #7894: output: log http2.window when needed Actions
PA Feature #7904: http: support zstd compression Actions
OD Feature #7928: rules: distinct counting logic Actions
PA Feature #7929: detect/integers: support optional second argument to specify the index for all keywords Actions
OD Feature #7955: c: create files with explicit permissions Actions
OD Feature #7956: rust: create files with explicit permissions Actions
VJ Feature #7979: sslproxy: add support for parsing decrypted traffic Actions
DP Feature #7986: protocol decoder: l2tpv3 Actions
OD Feature #7995: pop3: email mime parsing Actions
JL Feature #8006: nfs: NFSv4 should support 4.1's new enums Actions
LS Feature #8084: dpdk: in dpdk runmode initialize EAL threads Actions
OD Feature #8099: multi-tenant: optionally reload tenant rules on SIGUSR2 Actions
PA Feature #8116: Quic: encryption-handling config parameters Actions
SB Feature #8117: rules: flow.elephant keyword Actions
OD Feature #8128: rules/transform: add json_decode transform Actions
PA Feature #8130: http: http.uri should normalize the + into space as per RFC 1886 Actions
AI Feature #8138: windivert: Build using WinDivert 2 Actions
JI Feature #8139: defrag: alert on / reject >=3 layer overlaps Actions
VJ Feature #8174: frames: add --list-frames option Actions
PA Feature #8179: dcerpc.opnum: doesn't support operators >,<,!,= Actions
PA Feature #8222: nfs: log detailed response for versions other than v3 Actions
MM Feature #8225: dpdk: recognize net_pcap driver and stop after no packets are rx_bursted Actions
LS Feature #8227: hyperscan: test cache creation and pruning in CI Actions
OD Feature #8250: rules: distinct ip counting logic Actions
VJ Feature #8262: decoder: add IGMP support Actions
GL Feature #8276: imap: add parser, logger and sticky buffers Actions
VJ Feature #8285: firewall: support iprep in firewall mode Actions
JL Feature #8286: output/flush: Improve flushing coverage Actions
LS Feature #8320: dpdk: add Github CI live run tests for DPDK virtual devices Actions
LS Feature #8322: hs: add pruning stats details of removal reason Actions
LS Feature #8324: config: aggregate configuration node paths for mpm/spm settings Actions
VJ Feature #8327: detect: add eth.hdr keyword for inspecting ethernet header Actions
JF Feature #8335: pgsql: add keywords for better detection and coverage Actions
JF Feature #8339: stream/tcp: add counter(s) for stream async Actions
JF Feature #8361: stream/tcp: add flags keyword Actions
AA Feature #8385: datasets: add support for subdomain match Actions
Feature #8386: firewall: support HTTP2 hook states for per-frame accept/drop decisions Actions
OD Feature #8392: firewall: support FTP hook states for firewall rule evaluation Actions
Feature #8393: firewall: support SMTP hook states for firewall rule evaluation Actions
JI Feature #8394: firewall: support NTP hook states for firewall rule evaluation Actions
PA Feature #8395: firewall: support SNMP hook states for firewall rule evaluation Actions
JL Feature #8401: detect/thresholds: add telemetry for bucket depths Actions
Feature #8403: smb: add samr_UserInfo details to EVE logs Actions
Feature #8407: eve: in bridge mode, enable ethernet logging by default Actions
OD Feature #8408: firewall: support FTP-data hook states for firewall rule evaluation Actions
JI Feature #8425: ntp: add ntp transaction logging Actions
OD Feature #8426: rdp: applayer events for anomalous parsing results Actions
JI Feature #8429: rules: add ntp.mode keyword Actions
JI Feature #8430: rules: add ntp.version keyword Actions
JI Feature #8431: rules: add ntp.stratum keyword Actions
JI Feature #8477: rust: provide eve callback Actions
VJ Feature #8480: firewall: allow specifying multiple actions Actions
Feature #8485: snmp: add snmp.trap_oid keyword Actions
Feature #8486: snmp: add snmp.trap_address keyword Actions
LS Feature #8487: github-ci: add FreeBSD build test Actions
JI Feature #8488: ntp: use a buffer for reference id, not a u32 Actions
JF Feature #8514: firewall: analyzer: complete rule table coverage Actions
OD Feature #8516: http: include server header in default eve record as a field Actions
OD Feature #8520: quic: include server header in default eve record as a field Actions
SB Feature #8523: dcerpc: map opnum to the function names Actions
JI Optimization #2621: Convert setup scripts from sh/ed/sed to Python. Actions
PA Optimization #3540: krb5: use app-layer incomplete support Actions
JI Optimization #3707: Convert JSON Loggers to JsonBuilder Actions
CT Optimization #3734: af-packet: better support for csum offload Actions
JF Optimization #3766: Convert Stats to JsonBuilder Actions
JI Optimization #3836: Formatting rust code Actions
OD Optimization #4490: rust: see if we can use SuricataStreamingBufferConfig Actions
OD Optimization #4517: cbindgen export the constants from Rust to C, also for macro such as BIT_U8(1), and remove duplicate definitions between rust and C Actions
OD Optimization #4704: unix-socket: separate functionality from the unix socket interface Actions
VJ Optimization #4707: detect: unify internal buffer names to use <proto>.<buffer> naming Actions
OD Optimization #4747: app-layer: make tx iterator a mandatory part of the API Actions
OD Optimization #4802: af-packet: remove IPS support for tpacket-v3 Actions
OD Optimization #4806: af-packet: remove autofp support Actions
OD Optimization #4873: smb: midstream probing check affects performance Actions
JI Optimization #4936: Use Rust to parse unix socket messages Actions
OD Optimization #4937: Convert Rule Profile JSON output to JsonBuilder Actions
PC Optimization #4950: Code improvement in KRB5State.parse function Actions
VJ Optimization #4987: frames: unify handling of getting frame data, flags Actions
VJ Optimization #5076: keyword content does not work over reassembled TCP Actions
JF Optimization #5180: stream/tcp: flag 1st seen pkt w stream established Actions
SB Optimization #5207: Common Rust parser for *bits Actions
OD Optimization #5453: af-packet ips: floods packets that should be learned Actions
VJ Optimization #5476: decoder: compact & flexible storage of decoder data in the packet Actions
SB Optimization #5711: runmodes: Suricata does not hint anything about missing runmode Actions
OD Optimization #5787: detect/filestore: optimize http tx handling Actions
OD Optimization #6001: investigate: optional/configurable stats log verbosity Actions
OD Optimization #6002: stats/exception: allow configuring verbosity via unix socket Actions
OD Optimization #6061: cmdline: make --list-runmodes output friendlier Actions
PA Optimization #6188: ConfYamlLoadString: handle allocation failures Actions
JF Optimization #6225: exception: standardize log message about set-up value Actions
OD Optimization #6273: misc: clean up left over printf calls Actions
OD Optimization #6418: detect/parse: rule parser error uses outdated buffer Actions
PA Optimization #6502: schema: avoid - and . in keys Actions
OD Optimization #6652: Configuration values trigger error instead of warning messages Actions
OD Optimization #6654: pgsql: optimize PDU processing logic Actions
SB Optimization #6703: detect-engine/port: Explore Rank Balanced trees for post grouping uses Actions
OD Optimization #6704: CI: expand check for pcapng; also check `-nanosecond` Actions
LS Optimization #6747: dpdk: synchronized CPU stalls on Suricata workers Actions
OD Optimization #6850: investigate: overall, some modules may be way more verbose than needed Actions
SB Optimization #6960: fuzz: target to test signatures compatibility Actions
OD Optimization #7186: detect: represent direction with enum Actions
OD Optimization #7263: pgsql: limit tx.responses - configurable? Actions
CT Optimization #7266: detect/dns-query: clean-up and convert unit tests Actions
PA Optimization #7278: Merge detect-template.c and detect-template2.c to have a unique template with all features Actions
OD Optimization #7371: smb: events/counters for caches getting full Actions
OD Optimization #7423: eve/json: reduce default memory buffer size; remove double buffering Actions
JI Optimization #7430: dns: parse more than 255 name segments to find end of name Actions
OD Optimization #7441: config/port: Misleading message when port string is too long Actions
OD Optimization #7528: decode: remove duplicate counters tracking unknown ethertype values Actions
VJ Optimization #7585: af-packet: SOF_TIMESTAMPING_RAW_HARDWARE dangerous default leading to incorrect timestamps Actions
JF Optimization #7650: pgsql: clean up logging Actions
SB Optimization #7676: flow/manager: prepare for emergency mode earlier Actions
PA Optimization #7762: rust: finish moving extern C definitions to suricata_sys and bindgen Actions
LS Optimization #7835: pcap-file: move packet counter to PCAP packet structure Actions
PA Optimization #7889: detect/integers: move keywords from C to rust Actions
VJ Optimization #7994: pop3: parser improvements Actions
HL Optimization #8003: rust/sip: Some functions do redundant computing Actions
OD Optimization #8040: rust: convert nfs to nom 8 Actions
OD Optimization #8049: rust: convert http2 to nom 8 Actions
PA Optimization #8105: conf: timeout on too many scalar events Actions
JI Optimization #8187: rust: move extern C definition to suricata-lua-sys and bindgen Actions
PA Optimization #8254: detect/ssh: move code to rust Actions
PA Optimization #8255: detect/quic: move code to rust Actions
PA Optimization #8267: detect/smb: move code to rust Actions
PA Optimization #8298: detect/transform: have the Transform callback use const for the ctx Actions
PA Optimization #8310: detect/ike: move code to rust Actions
PA Optimization #8391: detect/dcerpc: move code to rust Actions
Optimization #8468: firewall: summarize warnings for missing hooks Actions
PA Optimization #8518: http2: for stream based tx, split progress handling per direction Actions
JI Task #2693: tracking: libsuricata Actions
VJ Task #3153: tracking: scan-build warnings Actions
JI Task #3166: tracking: src code file reorg Actions
OD Task #3334: rust: cleanup registration of C function pointers in SuricataContext Actions
VJ Task #3343: tracking: developer documentation Actions
EA Task #4023: Convert unittests to new FAIL/PASS API: detect-engine-address-ipv6.c Actions
VJ Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools Actions
JL Task #4143: tracking: file.data improvements Actions
JI Task #4429: libsuricata: Use cases with examples Actions
JI Task #4682: tracking: clean up globals and thread locals Actions
VJ Task #4773: research: IPS behavior wrt resource limits Actions
SB Task #4799: research: af-packet: review iface up/down logic Actions
VJ Task #5050: research: rules/frames: settle on rule syntax Actions
OD Task #5181: research: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature Actions
OD Task #5256: research: rust: see if we can reduce number of crate deps Actions
LS Task #5560: dpdk: Design a test-case for Suricata running as a secondary process Actions
VJ Task #5610: tracking: new protocol: telnet Actions
VJ Task #5613: counters: reduce size of data structure Actions
VJ Task #5615: counters: avoid duplicate work Actions
VJ Task #5678: tracking: improve handling of non-IP protocols Actions
VJ Task #5682: tracking: smb performance issues Actions
OD Task #5827: research: output/drop: make `drop reason` more informative Actions
OD Task #5840: dpdk: Design test cases for DPDK capture interface Actions
PA Task #6028: c: C11 _s style buffer handling calls Actions
JL Task #6029: c: require C11 Actions
VJ Task #6179: tracking: flash decompression deprecation and removal Actions
OD Task #6184: flash decompression: remove feature Actions
VJ Task #6217: research: increased tcp.overlap after file data changes Actions
OD Task #6258: misc: clean-up commented out code Actions
OD Task #6308: tracking: detect/analyzer: add more keyword details Actions
OF Task #6311: detect/analyzer: add more details for the flowint keyword Actions
VJ Task #6321: Convert unittests to new FAIL/PASS API - decode-raw.c Actions
OF Task #6323: Convert unittests to new FAIL/PASS API - ippair-bit.c Actions
JK Task #6324: Convert unittests to new FAIL/PASS API - stream-tcp-reassemble.c Actions
JS Task #6333: Convert unittests to new FAIL/PASS API - util-rule-vars.c Actions
VJ Task #6336: Convert unittests to new FAIL/PASS API - tests/detect-http-stat-code.c Actions
VJ Task #6338: Convert unittests to new FAIL/PASS API - tests/detect-http-stat-msg.c Actions
VJ Task #6340: Convert unittests to new FAIL/PASS API - tests/detect-http-method.c Actions
CO Task #6344: Convert unittests to new FAIL/PASS API - detect-pcre.c Actions
VJ Task #6346: Convert unittests to new FAIL/PASS API - detect-engine-dcepayload.c Actions
JK Task #6351: detect/analyzer: add more details for the xbits keyword Actions
LS Task #6382: github/actions: add DPDK 23.11 build Actions
JL Task #6476: ftp: parity of logging and detection buffers Actions
OD Task #6485: research: Scoring method for keywords and transforms Actions
OD Task #6489: test/stream/tcp-list: fix unittests Actions
OD Task #6545: tls-store: unify with file-store Actions
JF Task #6576: pgsql: log identifier for unknown messages? Actions
OD Task #6849: brainstorm: should certain eve ouput types be removed (eg syslog) Actions
OD Task #6917: [investigate] exceptions: are drop reasons unique to policies? Actions
JF Task #6929: eve/stats: make stats API aware of meaningful zero-values Actions
VJ Task #6951: tracking: nfs performance issues Actions
VJ Task #6968: decode: unify decode thread module with receive thread module Actions
GL Task #7030: arp: make arp opcodes into enum Actions
VJ Task #7061: content-inspect: expand accepted range of depth/offset/distance & related Actions
OD Task #7071: core/rust: use Direction enum for raw parser trigger fn Actions
OD Task #7161: detect prefilter: decide to enable it by default for a subset of keywords Actions
OD Task #7232: http-log: remove Actions
SB Task #7233: tls-log: remove (deprecated in Suricata 8) Actions
OD Task #7234: syslog: remove standalone syslog output Actions
OD Task #7452: ldap: add keywords to match output Actions
OD Task #7511: engine/analysis: store warnings and debugs in the rule struct Actions
OD Task #7578: engine/analysis: add info on filestore Actions
OD Task #7589: eve: deprecate syslog filetype for eve Actions
OD Task #7590: eve: remove syslog filetype Actions
JI Task #7627: events/rules: prevent ruleset loading blocks from name fixes Actions
LS Task #7642: tls: deprecate "default" as an option in encryption-handling node Actions
LS Task #7721: threading: make the Suricata 7 cpu affinity format obsolete Actions
OD Task #7737: fast log: add syslog as an file type Actions
PC Task #7738: ldap: update ldap-parser crate to 0.5.0 and refactor code Actions
SB Task #7742: ftp: trigger raw stream inspection Actions
SB Task #7743: http: trigger raw stream inspection Actions
OD Task #7744: tracking: rust: dependencies for 9.0 Actions
OD Task #7745: rust: set new minimum Rust version for Suricata 9.0 Actions
OD Task #7797: detect/alert: log event if discarding lower priority rule Actions
OD Task #7850: stats: add dedicated counters for firewall mode Actions
JF Task #7858: schema: allow stream events for stats Actions
SB Task #7863: smb: trigger raw stream inspection Actions
OD Task #7880: rust/bendy: update to address RUSTSEC-2020-0036 Actions
JF Task #7885: build-scopes: add QA or SIMULATION mode Actions
OD Task #7935: security: review security levels definitions Actions
VJ Task #7952: tracking: CWE-732: File created without restricting permissions Actions
OD Task #7957: umask: enable by default Actions
JL Task #7958: ci: Add multi-tenant test Actions
OD Task #8023: rust: nom 8 Actions
JI Task #8024: rust: convert dns to nom 8 Actions
JI Task #8025: rust: convert sip/sdp to nom 8 Actions
JI Task #8026: rust: convert ftp to nom 8 Actions
JI Task #8027: rust: convert app-layer template to nom 8 Actions
JI Task #8036: rust: convert dhcp to nom 8 Actions
JI Task #8037: rust: convert tftp to nom 8 Actions
JI Task #8038: rust: convert enip to nom 8 Actions
JI Task #8039: rust: convert pgsql to nom 8 Actions
JI Task #8041: rust: convert rfb to nom 8 Actions
JI Task #8042: rust: convert ssh to nom 8 Actions
JI Task #8043: rust: convert telnet to nom 8 Actions
JI Task #8044: rust: convert rdp to nom 8 Actions
JI Task #8045: rust: convert bt to nom 8 Actions
JI Task #8046: rust: convert ws to nom 8 Actions
JI Task #8047: rust: convert mqtt to nom 8 Actions
JI Task #8048: rust: convert mime to nom 8 Actions
JI Task #8050: rust: convert ike to nom 8 Actions
JI Task #8051: rust: convert detect to nom 8 Actions
OD Task #8078: threading: don't use thread local for packet pool Actions
JI Task #8086: rust: convert asn1 to nom 8 Actions
JI Task #8087: rust: convert conf to nom 8 Actions
JI Task #8088: rust: convert util to nom 8 Actions
JI Task #8089: rust: convert smb to nom 8 Actions
JI Task #8090: rust: convert htp to nom 8 Actions
JI Task #8093: rust: convert dcerpc to nom 8 Actions
JI Task #8095: libsuricata: expose API for reloading rulesets Actions
JI Task #8096: libsuricata: add live example usage of the Suricata library Actions
JI Task #8106: misc: don't use global for SCInstance Actions
OD Task #8109: libsuricata: allow user to change the name of the program Actions
VJ Task #8127: rust: convert pop3 to nom 8 Actions
JI Task #8140: rust: convert quic to nom 8 Actions
JI Task #8147: psl: crate should be updated on every release Actions
OD Task #8189: dns: deprecate v2 logging Actions
VJ Task #8204: firewall: add tests for hot reload of firewall mode rules Actions
SB Task #8269: rust: suppress nugatory RUSTSEC-2026-0009 for time crate Actions
JL Task #8337: capture/napatech: use fixed spacing for stream in thread name Actions
OD Task #8381: rust: auto-detect suitable rust version in ./configure Actions
JI Task #8382: rust: update minimum rust version to 1.85 Actions
VJ Task #8387: firewall: Validate and opt-in keywords that emit "has not been tested for firewall rules" warning Actions
OD Task #8397: firewall: enable content inspect keywords for firewall mode Actions
OD Task #8433: detect/transforms: Determine which transforms have error cases and can be handled like from_base64/pcrexform Actions
JI Task #8445: rust: provide bindings to thread storage Actions
JI Task #8446: rust: provide callbacks to flow life cycle Actions
JI Task #8447: rust: provide bindings to flow storage Actions
JI Task #8463: plugins: command line option to load a plugin Actions
JI Task #8467: rust: suppress rust audit notice for RUSTSEC-2026-0097 (rand) Actions
VJ Task #8481: snmp: add keywords to match output Actions
VJ Task #8482: snmp: add snmp.trap_type keyword Actions
JF Task #8521: [tracking] pgsql: protocol completion Actions
OD Documentation #2620: userguide: document tagged_packets / event_type packet Actions
JF Documentation #3028: No documentation for "pkt_data" keyword Actions
OD Documentation #4350: doc/devguide: transaction handling logic Actions
OD Documentation #4352: Devguide: Debugging Basics - pcap_cnt Actions
JF Documentation #4557: Add document about JsonBuilder Actions
JL Documentation #4658: Add/improve documentation for pcre substring capture logging Actions
VJ Documentation #4705: userguide: add sections about frame support Actions
JI Documentation #4708: devguide: Add Eve Output Plugins Actions
OD Documentation #4709: userguide: Add page about analyzing Suricata performance Actions
VJ Documentation #4980: doc/frames: document frame rule keyword Actions
OD Documentation #5008: userguide: add a protocol chart listing defaults Actions
VJ Documentation #5030: rules/endswith: doc wrong for offset/distance/within warning Actions
PA Documentation #5267: Meaning of insert_list_fail counter Actions
JF Documentation #5274: devguide: document how the alert flow works Actions
VJ Documentation #5465: doc/userguide: document terminating behavior of rule actions Actions
OD Documentation #5477: Json schema doesn't support thread stats Actions
JF Documentation #5532: userguide: have a section to mention and document the various ways stream-depth can be set Actions
VJ Documentation #5534: userguide: better document what TCP midstreams are for Suricata Actions
VJ Documentation #5543: userguide: document which keywords accept the prefilter keyword Actions
JF Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... Actions
JF Documentation #5575: docs: bring 'reporting bugs page' into userguide and update it Actions
JF Documentation #5612: devguide: add a chapter about Suricata's exception policies Actions
JF Documentation #5829: userguide: add context on "why/when an exception policy is applied" Actions
JF Documentation #5830: userguide: update & improve exception policy section Actions
OD Documentation #5869: userguide: describe what are the delta stats counters Actions
JF Documentation #5891: userguide: explain different log save directory in offline mode Actions
OD Documentation #5897: devguide: add section on generating code coverage reports locally Actions
OD Documentation #5910: devguide: explain possible differences in data inspection with inline stream or not Actions
OD Documentation #6026: userguide/suricata-yaml: update image on threading Actions
JF Documentation #6030: devguide: expand Suricata Internals chapter Actions
JT Documentation #6058: doc/configuration: clarify sig_id & gid_id for global threshold Actions
PA Documentation #6075: eve/schema: document http Actions
JF Documentation #6078: eve/schema: document pgsql Actions
PM Documentation #6096: eve/app-layer: generate example eve-log for each protocol Actions
JI Documentation #6097: eve/dhcp: generate example dhcp output Actions
JI Documentation #6098: eve/dns: generate example dns output Actions
OD Documentation #6180: userguide: add troubleshooting section Actions
OD Documentation #6219: userguide: add page about different usecases Actions
VJ Documentation #6369: stream: document stream.3whs_syn_flood and stream.3whs_synack_flood Actions
CT Documentation #6406: userguide: remove ambiguous "we" usages Actions
JI Documentation #6412: devguide: API upgrade notes Actions
SB Documentation #6434: eve/schema: document stats Actions
OD Documentation #6442: rtd: indicate that a page is for an outdated version Actions
OD Documentation #6451: userguide: update 'what is suricata' section Actions
JL Documentation #6452: userguide/ftp: clarify usage around ftp and ftp.data keyword Actions
OD Documentation #6484: userguide: add keyword performance results Actions
OD Documentation #6486: userguide: explain pkt_on_wrong_thread counter Actions
JL Documentation #6492: doc: explain how FTP works Actions
OD Documentation #6495: userguide: add section on SMTP event type Actions
OD Documentation #6626: devguide: add instructions for MacOS setup Actions
PO Documentation #6824: doc: Document every parameter of the configure script Actions
OD Documentation #7174: docs: investigate if RtD AddOns will impact our guides Actions
OD Documentation #7277: doc/actions: clarify 'pass' scope variations Actions
VJ Documentation #7348: userguide: explain SYSTEM and USER mode Actions
OD Documentation #7424: devguide: document pseudo packets Actions
OD Documentation #7580: userguide: add section for negated content Actions
VJ Documentation #7662: userguide: add section for rule hooks Actions
VJ Documentation #7680: userguide: document tx scoped xbits Actions
JF Documentation #7722: docs: add a glossary chapter Actions
OD Documentation #7755: doc: document ethtool offloads for common use Actions
JF Documentation #7793: eve/schema: document stats.decoder counters Actions
JS Documentation #7806: Keywords missing documentation Actions
JI Documentation #7840: userguide: document transaction loggers can be registered from a plugin Actions
OD Documentation #7921: docs: disambiguate 'frame' word usage Actions
JF Documentation #7937: docs: update backports policy for Suricata 7.0.x Actions
OD Documentation #7953: doc: umask option not documented Actions
OD Documentation #8011: userguide: document behavior/support for stream.async-oneside Actions
VJ Documentation #8031: isdataat: document different semantics between absolute and relative modes Actions
JL Documentation #8035: transform/luaxform: documentation states it supports init function Actions
JF Documentation #8113: doc: remove mention of suricata-7 in latest docs Actions
JL Documentation #8135: luaxform: options incorrectly described Actions
AI Documentation #8137: windivert: Add WinDivert to Windows build instructions Actions
AD Documentation #8261: doc/userguide: fix within-distance pointer graphics in payload-keywords doc Actions
VJ Documentation #8330: doc: explain dcerpc.opnum doesn't support operators >,<,!,= Actions
LS Documentation #8344: doc: update Rust install instructions Actions
GL Documentation #8347: eve-log: modbus not listed in suricata.yaml Actions
PA Documentation #8372: rules: fix typos/ missing keywords in rule examples Actions
JI Documentation #8506: datasets: typos in dataset documentation Actions
OD Documentation #8515: firewall: indicate to which app-layer state an app-proto keyword pertains Actions
VJ Security #8021: eve/alert: heap buffer overflow on verdict Actions
VJ Security #8065: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer Actions
VJ Security #8278: krb5: TCP parser never advances past the first record in a multi-record segment Actions
PA Security #8413: websocket: injected control frames can lead to evasion Actions

Also available in: TXT