Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect bidir 5665 v10 #10904

Closed
wants to merge 4 commits into from
Closed

Detect bidir 5665 v10 #10904

wants to merge 4 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5665

Describe changes:

  • allows bidirectional signature matching !

SV_BRANCH=OISF/suricata-verify#1786

Draft again because of second commit
General feedback expected :-)

TODO :

  • Give me better names
  • Where should I document these new keywords bidir.toclient ?
  • more tests !!!! Throw me rules examples ! negative and positive...

#10818 with additional commit to not require unambiguous keyword to specify their direction in the case there was previously some ambiguous keyword with a direction...

@catenacyber
detect: allow rule which need both directions to match
c1e3435 
Ticket: 5665

This is done with `alert ip any any => any any`
The => operator means that we will need both directions
@catenacyber
detect: bidirectional rules can use dir-ambiguous keywords
62c2461 
By using keywords bidir.toclient and bidir.toserver, the following
keywords are forced to the direction even if they can match
on both directions.

Ticket: 5665
@catenacyber
detect: bidirectional rules allow fast_pattern to client
0ed6185
@catenacyber
detect/bidir:be more friendly for directions and keywords
337d218 
Do not require a rule to use bidir.toserver after the usage of
bidir.toclient for unambiguous keywords, where the rule writer
does not want to explicit the redundant direction.
@catenacyber catenacyber mentioned this pull request Apr 18, 2024
Closed
@suricata-qa
Copy link

ERROR:

ERROR: QA failed on SURI_TLPW1_files_sha256.

Pipeline 20203

@catenacyber catenacyber mentioned this pull request Jun 5, 2024
Closed
@catenacyber
Copy link
Contributor Author

Rebased in #11246

@catenacyber catenacyber closed this Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini will be requested when the pull request is marked ready for review jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien will be requested when the pull request is marked ready for review victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa