Open Information Security Foundation

04/24/2025

06:11 PM Suricata Feature #7675: Custom content detection

This is a follow up of https://redmine.openinfosecfoundation.org/issues/7154#note-5 Hans Vermeer

06:11 PM Suricata Feature #7675 (New): Custom content detection

There currently exist many different ways to match on content, for example, PCRE, entropy, exact matches, base64 deco... Hans Vermeer

04/08/2025

07:55 PM Suricata Bug #7285: Websocket compression mishandling

It looks like it should catch most websocket connections fine, but is still missing a couple of spec requirements to ... Hans Vermeer

12/18/2024

02:00 PM Suricata Task #7154: plugins: add template detection plugin

Would this cover custom content detection plugins?
For example, an extra callback in DetectEngineContentInspectionIn... Hans Vermeer

01:41 PM Suricata Bug #7466: lua: Flowvar memory leak

I've attached a test (including the stderr) for the given lua code... Hans Vermeer

04:21 AM Suricata Bug #7466 (Closed): lua: Flowvar memory leak

In LuaSetFlowvar -> LuaSetFlowvarByKey, the key is malloced:... Hans Vermeer

12:36 PM Suricata Bug #7467: detect: checksum detection broken by stream.checksum-validation

I've attached a test I created with stream.checksum-validation=yes then switching to stream.checksum-validation=no fa... Hans Vermeer

04:29 AM Suricata Bug #7467 (Closed): detect: checksum detection broken by stream.checksum-validation

Taken from https://forum.suricata.io/t/custom-content-detection/4784/5
As mentioned in the issue, when stream.chec... Hans Vermeer

04:38 AM Suricata Support #7463: Can I compile suricata into statically build file?

We've managed to do this successfully, however, the plugin loading has a dlopen, patching this out (Its sadly not a c... Hans Vermeer

09/26/2024

07:49 PM Suricata Feature #5499: PCAP-over-IP client

In case this will be picked up again to merge into main, I've attached a dirty patch we applied to commit 31bed10ff66... Hans Vermeer