Project

General

Profile

9.0.0-beta1

open

2%

307 issues   (0 closed — 307 open)

Issues by
Bug

0/56
Feature

0/121
Optimization

0/46
Task

0/70
Documentation

0/13
Security

0/1
Related issues
Bug #1722: ip rules don't trigger under the context of 'flow:stateless' Actions
Bug #1826: Rule validation bug with fast_pattern:only and specified buffers Actions
Bug #1926: rule parsing: wrong content checked for fast_pattern (snort compatibility) Actions
Bug #2205: detect: error on content relative to fast_pattern:only Actions
Bug #3083: DROP rule with "noalert" Actions
Bug #3218: detect: wrong matches with ssl_state Actions
Bug #3220: ssl_version keyword negation (!) not working Actions
Bug #3375: tracking: file tracking/inspection performance issues Actions
Bug #4135: dns: response only udp not detected as dns Actions
Bug #4220: detect: signature not hit with --simulate-ips option Actions
Bug #4482: detect: detect events not in rules, not tested (and not working?) Actions
Bug #4522: Rules with stream_size greater than not working Actions
Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulation Actions
Bug #4786: xbits: no error on invalid 'expire' values Actions
Bug #4898: detect: Ensure detection events are logged Actions
Bug #4917: tls: leading GAP in toserver direction leads to various issues Actions
Bug #5031: flowbits - no error on invalid options Actions
Bug #5037: invalid timestamp in ending events Actions
Bug #5196: config: test mode should fail when there are invalid config values Actions
Bug #5255: Reported pcap_filename in alerts are not correct Actions
Bug #5704: Filestore is not working if landlock is enabled Actions
Bug #6370: plugins: install libsuricata-config by default, or with headers Actions
Bug #6384: rust: configure fails to persistently detect/remember cbindgen location Actions
Bug #6499: tcp.active_sessions and flow.active count will never reduce when using trex Actions
Bug #6591: protodetect: ftp parsed as smtp Actions
Bug #6663: Config rules does not disable logging. Actions
Bug #6743: stream/tcp: spurious retransmission seen as invalid Actions
Bug #6744: tcp: fast open packet not fully handled Actions
Bug #6865: BUG_ON triggered from AdjustToAcked Actions
Bug #6971: defrag: default policy is inconsistent Actions
Bug #6976: flow/action: not updated w pkt + flow:stateless rules Actions
Bug #7133: Could the midstream policy support "drop-packet"? Actions
Bug #7216: drop_reason counters don't support tunneled connections Actions
Bug #7254: dcerpc: parser does not support multiple PDUs Actions
Bug #7360: BUG_ON triggered from GetLeftEdge Actions
Bug #7376: dpdk: delayed detect won't fully start Suricata until the first traffic Actions
Bug #7378: dpdk: having too few hugepages can lead to segfault on startup Actions
Bug #7392: Verdict output reports "drop" when rejected Actions
Bug #7442: telnet: frame parser inaccuracies Actions
Bug #7544: Verdict output reports "alert" when traffic is allowed implicitly/passively Actions
Bug #7546: dcerpc: parser does not take fraglen into account Actions
Bug #7547: dcerpc: parser uses only one header for both directions Actions
Bug #7630: pass rules with alert; keyword log with a verdict of "alert" instead of "pass" Actions
Bug #7638: detect: incorrect rule ordering with more complex flowbit chains Actions
Bug #7641: pgsql: can the parser handle multi-statement in simple query Actions
Bug #7664: detect: coverity Dereference before null check Actions
Bug #7709: pop3: Use version 8.0, configure pop3 port 110, and no emails can be received Actions
Bug #7724: detect: wrong detect behavior for stream keywords no_stream and only_stream Actions
Bug #7771: flowbits: cyclic dependencies in flowbits are accepted by the engine Actions
Bug #7772: flowbits: no-op set and isset combinations are accepted Actions
Bug #7773: flowbits: no-op unset + isnotset combinations are accepted Actions
Bug #7774: flowbits: invalid set + toggle combinations are accepted Actions
Bug #7817: flowbits: invalid isset and isnotset combinations are accepted Actions
Bug #7818: flowbits: invalid set and unset combinations are accepted Actions
Bug #7841: gre: investigate possible parent flow missing Actions
Bug #7905: src: format truncation level 2 warnings Actions
Feature #635: output: missing keywords in list-keywords output Actions
Feature #1005: conditional logging: controlling what gets logged Actions
Feature #1542: dump-config - extend into multi-detect supplied yaml configuration Actions
Feature #1979: TCP/IP packets normalization/scrubbing Actions
Feature #1983: tls: events are directionless and trigger twice per flow direction Actions
Feature #1993: commandline: introduce --enable-all-outputs switch Actions
Feature #2375: Design and implement sensible per-thread capabilities Actions
Feature #2448: dns: additional buffers for DNS Responses Actions
Feature #2678: list-keywords: add info about fast_pattern and transforms Actions
Feature #2958: Suricata 5.0.0beta1 and way too much anomaly logging Actions
Feature #3003: filestore to uses rename syscall instead of sendfile,which doesn't allow files to be sent across file systems Actions
Feature #3065: tls_cert_XX keywords date format parsing error Actions
Feature #3236: output: list-keywords does not match on aliases Actions
Feature #3243: POP3 Support Actions
Feature #3446: app-layer: implement MySQL parser Actions
Feature #3636: eve: configuration options to enable all, none or just a default set of outputs Actions
Feature #3953: 8021BR E packet decoder Actions
Feature #4089: rules: Flexible format transform Actions
Feature #4136: configure: use Suricata-Update managed classification.config Actions
Feature #4153: app-layer: rust derive style macros to generate common code Actions
Feature #4174: tracking: app-layer frame inspection support Actions
Feature #4226: bsize: apply as depth to patterns Actions
Feature #4566: pgsql: add subprotocol-states Actions
Feature #4854: pgsql: Add COPY subprotocol-state Actions
Feature #4855: rules: refactor rule parsing into multi-stage parser Actions
Feature #4861: smb: support multi-stream file transfers Actions
Feature #4876: Additional FTP Buffers Actions
Feature #4906: ftp: add stream app-layer frame support Actions
Feature #4910: dpdk: implement secondary mode Actions
Feature #4946: nfsv2: implement WRITE support Actions
Feature #4965: protocol: SOCKS support Actions
Feature #4986: pgsql: support frames Actions
Feature #4990: eve/frames: make payload logging configurable Actions
Feature #5029: eve: telnet logger Actions
Feature #5044: rules: keyword for "count" of http_header_names Actions
Feature #5049: detect/frames: allow mixing with txs Actions
Feature #5194: tracking: options for simulating various exceptions Actions
Feature #5203: dpdk: implement primary app for Suricata secondary mode Actions
Feature #5217: ips: allow dropping of flow if applayer specific memcap is hit Actions
Feature #5286: ips: allow dropping of packet/flow when alert queue exceeded Actions
Feature #5415: tftp: support keywords such as file.name, file.data etc... Actions
Feature #5495: implement grace period for midstream exception policy Actions
Feature #5576: Dataset is setting data despite the signature being a complete match Actions
Feature #5640: frames: tx frames Actions
Feature #5642: DNS: parity between log fields and detection Actions
Feature #5664: "Scope" bits should have an expiration Actions
Feature #5726: ike: add frame support Actions
Feature #5775: http.headers - dynamic sticky buffers Actions
Feature #5826: frames: logging of events set on frames Actions
Feature #5838: dpdk: NIC encapsulation stripping Actions
Feature #5845: smb: Support SMB_COM_SESSION_SETUP_ANDX Request Actions
Feature #5973: warn when HTTP rules will only work for a specific version of HTTP Actions
Feature #5974: Midstream exception policy "reject-both" support Actions
Feature #6063: exception-policy: stream async policy Actions
Feature #6091: eve/alert: missing dhcp metadata Actions
Feature #6114: dpdk: wrap DPDK logs in a Suricata logger Actions
Feature #6210: outputs: add verdict event type Actions
Feature #6216: http: HHHash support Actions
Feature #6237: Multi-tenancy: Allow inner VLAN to be selected Actions
Feature #6261: Add GRE as a parsible protocol Actions
Feature #6293: Support disabling forced flow reuse in low memory conditions Actions
Feature #6368: stream/midstream: wscale setting Actions
Feature #6399: Per-thread stats values can be negative Actions
Feature #6409: Lua support for HTTP/2 Actions
Feature #6422: dpdk: expand on DPDK allocation hints Actions
Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present Actions
Feature #6459: filebits: support for new type of bits Actions
Feature #6472: HTTP/3 support Actions
Feature #6651: quic: detect on non-standard ports Actions
Feature #6723: detect: review existing keywords for usage of enumerations Actions
Feature #6724: detect: review existing keywords for usage of bitflags Actions
Feature #6729: websockets: support over HTTP/2 Actions
Feature #6927: dpdk: add unit tests for threading and mempool cache size functions Actions
Feature #6936: landlock: enable by default Actions
Feature #6956: mqtt: create PDU frames without regard to the parsing function Actions
Feature #6996: add transformation to keyword performance stats Actions
Feature #6999: output/json: enrich EVE w/ libmaxminddb geoip info Actions
Feature #7068: protocol support: STUN Actions
Feature #7070: eve: internal state output facility Actions
Feature #7092: frames: support rules with multiple different frames Actions
Feature #7109: app-layer: stop generating anomalies after gap in the flow Actions
Feature #7117: dpdk: hardware timestamping for packets Actions
Feature #7125: threshold: by_src, by_dst, by_both should support vlan separation Actions
Feature #7177: http1: add frame support Actions
Feature #7211: detect/integers: support a count argument for array of integers Actions
Feature #7347: eve/alert: log file_data Actions
Feature #7351: transform/from_base64: Support "relative" offsets Actions
Feature #7399: ipv6: support short notation of ipv6 addresses in output Actions
Feature #7438: detect: add flow.rate keyword Actions
Feature #7470: detect/ldap: add ldap.bind.version keyword Actions
Feature #7480: detect/integers: array of integers should support an optional second argument to specify the index Actions
Feature #7514: rules: add file specific hooks Actions
Feature #7519: dpdk: verify the driver is DPDK-compatible on Intel cards Actions
Feature #7534: detect/ldap: add ldap.request.message_id and ldap.responses.message_id Actions
Feature #7536: detect/ldap: add keywords for LDAP BindRequest Actions
Feature #7537: detect/ldap: add keywords for LDAP SearchRequest Actions
Feature #7538: detect/ldap: keyword ldap.modify_request.operation Actions
Feature #7539: detect/ldap: add keyword ldap.mod_dn_request.new_rdn Actions
Feature #7566: dcerpc: applayer events for anomalous parsing results Actions
Feature #7571: list-keywords should somehow show the multi-buffer keywords Actions
Feature #7586: mime: expose 'headers' as a keyword Actions
Feature #7587: mime: add email.body_md5 keyword Actions
Feature #7600: mime: add rule keywords Actions
Feature #7629: dpdk: support for a hardware-accelerated input drop filter Actions
Feature #7646: pgsql: add CopyBoth subprotocol/mode Actions
Feature #7666: rust: zero-dependency crate suricata-core Actions
Feature #7672: detect/transforms: subslice transform Actions
Feature #7674: source/tunnels: config option to distinguish tunnels Actions
Feature #7691: detect: explore code embedded relationships between registered keywords Actions
Feature #7711: tracking: detect: add detection hooks to inspect/drop before stateful components Actions
Feature #7717: vxlan: treat as its own tunnel Actions
Feature #7753: vxlan: decoder drops packets with non-zero reserved fields Actions
Feature #7768: ips: improve file.data support Actions
Feature #7801: Support multi-buffer byte variables Actions
Feature #7816: Add alternative to file magic Actions
Feature #7830: hyperscan: support cache invalidation and removal Actions
Feature #7832: github-ci: add live hyperscan caching tests Actions
Feature #7871: dpdk: rte_flow capture bypass Actions
Feature #7875: list-keywords should somehow show the integer keywords Actions
Feature #7894: output: log http2.window when needed Actions
Feature #7904: http: support zstd compression Actions
Optimization #2621: Convert setup scripts from sh/ed/sed to Python. Actions
Optimization #3540: krb5: use app-layer incomplete support Actions
Optimization #3707: Convert JSON Loggers to JsonBuilder Actions
Optimization #3734: af-packet: better support for csum offload Actions
Optimization #3766: Convert Stats to JsonBuilder Actions
Optimization #4490: rust: see if we can use SuricataStreamingBufferConfig Actions
Optimization #4517: cbindgen export the constants from Rust to C, also for macro such as BIT_U8(1), and remove duplicate definitions between rust and C Actions
Optimization #4747: app-layer: make tx iterator a mandatory part of the API Actions
Optimization #4802: af-packet: remove IPS support for tpacket-v3 Actions
Optimization #4806: af-packet: remove autofp support Actions
Optimization #4873: smb: midstream probing check affects performance Actions
Optimization #4937: Convert Rule Profile JSON output to JsonBuilder Actions
Optimization #4950: Code improvement in KRB5State.parse function Actions
Optimization #4987: frames: unify handling of getting frame data, flags Actions
Optimization #5076: keyword content does not work over reassembled TCP Actions
Optimization #5207: Common Rust parser for *bits Actions
Optimization #5453: af-packet ips: floods packets that should be learned Actions
Optimization #5476: decoder: compact & flexible storage of decoder data in the packet Actions
Optimization #5787: detect/filestore: optimize http tx handling Actions
Optimization #6001: investigate: optional/configurable stats log verbosity Actions
Optimization #6002: stats/exception: allow configuring verbosity via unix socket Actions
Optimization #6061: cmdline: make --list-runmodes output friendlier Actions
Optimization #6188: ConfYamlLoadString: handle allocation failures Actions
Optimization #6225: exception: standardize log message about set-up value Actions
Optimization #6418: detect/parse: rule parser error uses outdated buffer Actions
Optimization #6502: schema: avoid - and . in keys Actions
Optimization #6652: Configuration values trigger error instead of warning messages Actions
Optimization #6654: pgsql: optimize PDU processing logic Actions
Optimization #6703: detect-engine/port: Explore Rank Balanced trees for post grouping uses Actions
Optimization #6704: CI: expand check for pcapng; also check `-nanosecond` Actions
Optimization #6747: dpdk: synchronized CPU stalls on Suricata workers Actions
Optimization #6960: fuzz: target to test signatures compatibility Actions
Optimization #7186: detect: represent direction with enum Actions
Optimization #7251: dcerpc: mimic gap behavior if invalid data is sent to protocol parser Actions
Optimization #7263: pgsql: limit tx.responses - configurable? Actions
Optimization #7266: detect/dns-query: clean-up and convert unit tests Actions
Optimization #7371: smb: events/counters for caches getting full Actions
Optimization #7423: eve/json: reduce default memory buffer size; remove double buffering Actions
Optimization #7430: dns: parse more than 255 name segments to find end of name Actions
Optimization #7441: config/port: Misleading message when port string is too long Actions
Optimization #7528: decode: remove duplicate counters tracking unknown ethertype values Actions
Optimization #7650: pgsql: clean up logging Actions
Optimization #7676: flow/manager: prepare for emergency mode earlier Actions
Optimization #7762: rust: finish moving extern C definitions to suricata_sys and bindgen Actions
Optimization #7835: pcap-file: move packet counter to PCAP packet structure Actions
Optimization #7889: detect/integers: move keywords from C to rust Actions
Task #2693: tracking: libsuricata Actions
Task #3153: tracking: scan-build warnings Actions
Task #3166: src code file reorg Actions
Task #3334: rust: cleanup registration of C function pointers in SuricataContext Actions
Task #3343: tracking: developer documentation Actions
Task #3836: Formatting rust code Actions
Task #4082: ftp: convert parser to Rust Actions
Task #4098: smtp: convert parser to Rust Actions
Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools Actions
Task #4143: tracking: file.data improvements Actions
Task #4161: tls: convert parser to Rust Actions
Task #4429: libsuricata: Use cases with examples Actions
Task #4704: unix-socket: separate functionality from the unix socket interface Actions
Task #4707: detect: unify internal buffer names to use <proto>.<buffer> naming Actions
Task #4773: research: IPS behavior wrt resource limits Actions
Task #4799: af-packet: review iface up/down logic Actions
Task #4919: Add option to change sensor-name log field Actions
Task #4936: Use Rust to parse unix socket messages Actions
Task #5050: rules/frames: settle on rule syntax Actions
Task #5181: detect/engine-analyzer: add rule analyzer warnings about rules that could use the frame keyword/semantics/feature Actions
Task #5256: rust: see if we can reduce number of crate deps Actions
Task #5560: dpdk: Design a test-case for Suricata running as a secondary process Actions
Task #5610: tracking: new protocol: telnet Actions
Task #5682: tracking: smb performance issues Actions
Task #5827: [investigate] output/drop: make `drop reason` more informative Actions
Task #5840: dpdk: Design test cases for DPDK capture interface Actions
Task #6028: c: C11 _s style buffer handling calls Actions
Task #6029: c: require C11 Actions
Task #6179: tracking: flash decompression deprecation and removal Actions
Task #6184: flash decompression: remove feature Actions
Task #6217: research: increased tcp.overlap after file data changes Actions
Task #6258: misc: clean-up commented out code Actions
Task #6273: misc: clean up left over printf calls Actions
Task #6308: detect/analyzer: add more keyword details Actions
Task #6382: Add DPDK 23.11 build to Github Actions Actions
Task #6474: detect: smtp body inspection keyword Actions
Task #6476: ftp: parity of logging and detection buffers Actions
Task #6485: [investigate] Scoring method for keywords and transforms Actions
Task #6489: test/stream/tcp-list: fix unittests Actions
Task #6545: tls-store: unify with file-store Actions
Task #6576: pgsql: log identifier for unknown messages? Actions
Task #6849: brainstorm: should certain eve ouput types be removed (eg syslog) Actions
Task #6917: [investigate] exceptions: are drop reasons unique to policies? Actions
Task #6929: eve/stats: make stats API aware of meaningful zero-values Actions
Task #6951: tracking: nfs performance issues Actions
Task #6968: decode: unify decode thread module with receive thread module Actions
Task #7030: arp: make arp opcodes into enum Actions
Task #7061: content-inspect: expand accepted range of depth/offset/distance & related Actions
Task #7071: core/rust: use Direction enum for raw parser trigger fn Actions
Task #7232: http-log: remove Actions
Task #7233: tls-log: remove (deprecated in Suricata 8) Actions
Task #7234: syslog: remove standalone syslog output Actions
Task #7452: ldap: add keywords to match output Actions
Task #7511: engine/analysis: store warnings and debugs in the rule struct Actions
Task #7578: engine/analysis: add info on filestore Actions
Task #7589: eve: deprecate syslog filetype for eve Actions
Task #7590: eve: remove syslog filetype Actions
Task #7627: events/rules: prevent ruleset loading blocks from name fixes Actions
Task #7642: tls: deprecate "default" as an option in encryption-handling node Actions
Task #7721: threading: make the Suricata 7 cpu affinity format obsolete Actions
Task #7737: fast log: add syslog as an file type Actions
Task #7738: ldap: update ldap-parser crate to 0.5.0 and refactor code Actions
Task #7742: ftp: trigger raw stream inspection Actions
Task #7743: http: trigger raw stream inspection Actions
Task #7744: tracking: rust: dependencies for 9.0 Actions
Task #7745: rust: set new minimum Rust version for Suricata 9.0 Actions
Task #7797: detect/alert: log event if discarding lower priority rule Actions
Task #7850: stats: add dedicated counters for firewall mode Actions
Task #7858: schema: allow stream events for stats Actions
Task #7863: smb: trigger raw stream inspection Actions
Documentation #3028: No documentation for "pkt_data" keyword Actions
Documentation #4557: Add document about JsonBuilder Actions
Documentation #4980: doc/frames: document frame rule keyword Actions
Documentation #5477: Json schema doesn't support thread stats Actions
Documentation #5543: userguide: document which keywords accept the prefilter keyword Actions
Documentation #5897: devguide: add section on generating code coverage reports locally Actions
Documentation #5910: devguide: explain possible differences in data inspection with inline stream or not Actions
Documentation #6075: eve/schema: document http Actions
Documentation #6078: eve/schema: document pgsql Actions
Documentation #6369: stream: document stream.3whs_syn_flood and stream.3whs_synack_flood Actions
Documentation #6442: rtd: indicate that a page is for an outdated version Actions
Documentation #6484: userguide: add keyword performance results Actions
Documentation #7174: docs: investigate if RtD AddOns will impact our guides Actions
Security #6187: detect: handle allocation failures during rule reload Actions

Also available in: TXT