suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

Document rules internals - v2

Open jufajardini opened this issue 2 years ago • 1 comments

Added a page that explains how rules are prioritized by Suri, as well as what main different types of inspection happen and what elements are involved when ordering rules.

Task #5449

Previous PR: https://github.com/OISF/suricata/pull/7635

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5449

Describe changes:

  • Add section elaborating on IPOnly rules and how the applayer state machine can affect when rules are inspected, regardless of rules internal priorities
  • typo fixes

jufajardini avatar Jul 28 '22 19:07 jufajardini

Codecov Report

Merging #7655 (7aabfc2) into master (61f9f0d) will decrease coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7655      +/-   ##
==========================================
- Coverage   75.78%   75.77%   -0.02%     
==========================================
  Files         659      659              
  Lines      185660   185660              
==========================================
- Hits       140706   140682      -24     
- Misses      44954    44978      +24
Flag Coverage Δ
fuzzcorpus 60.16% <ø> (ø)
suricata-verify 52.53% <ø> (-0.01%) :arrow_down:
unittests 60.72% <ø> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar Jul 28 '22 19:07 codecov[bot]

Continued at: https://github.com/OISF/suricata/pull/7721

jufajardini avatar Aug 12 '22 21:08 jufajardini