suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

Document rules internals - v3

Open jufajardini opened this issue 2 years ago • 1 comments

Added a page that explains how rules are prioritized by Suri, as well as what main different types of inspection happen and what elements are involved when ordering rules.

Task https://github.com/OISF/suricata/pull/5449

Previous PR: https://github.com/OISF/suricata/pull/7655

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5449

Describe changes:

  • re-explain the portion about IPOnly rules
  • add an example based on a support request

jufajardini avatar Aug 12 '22 21:08 jufajardini

Codecov Report

Merging #7721 (7ebada8) into master (9b4a133) will decrease coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7721      +/-   ##
==========================================
- Coverage   75.99%   75.97%   -0.02%     
==========================================
  Files         660      660              
  Lines      185718   185716       -2     
==========================================
- Hits       141131   141094      -37     
- Misses      44587    44622      +35
Flag Coverage Δ
fuzzcorpus 60.72% <ø> (+0.02%) :arrow_up:
suricata-verify 52.58% <ø> (+0.01%) :arrow_up:
unittests 60.70% <ø> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar Aug 12 '22 22:08 codecov[bot]

Closing this for now as there's still work to be done and higher-priority issues got in the way. Will come back to this later.

jufajardini avatar Apr 05 '23 14:04 jufajardini