Jeff Lucovsky
Continuation of #7785 This PR extends Suricata's support for VLANs from 2 to 3 levels. There is no standard for 3 levels of VLANs but 3 levels are not uncommon...
Continuation of #10228 (cherry picked from commit 7b0a5dae6049cc49fee8f04a245a309aed7eaff3) Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [6362](https://redmine.openinfosecfoundation.org/issues/6362) Describe changes: - Cherry-pick of fix from #9559 Updates - Added commit for documentation update. ### Provide...
Issue: 5172 This commit forces the current stream to be closed when a hard error occurs. Without this commit, a hard error will force a 2nd connection the stream that...
Continuation of #9802 Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [3449](https://redmine.openinfosecfoundation.org/issues/3449) Describe changes: - Add EVE configuration parameter to control buffering: `buffer-size`. When 0, unbuffered I/O is used; other values are used to...
Continuation of #9709 Issue: 6408 Use the Suricata thread id for plugin thread initialization to give the plugin a better correlating factor to the actual Suricata threads. Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues)...
Continuation of #10005 Add a new MT selector type to support use cases where a VLAN tuple should be used to determine the MT tenant. Packets with one VLAN id...
Continuation of #11017 Convert the byte_extract option parser from C to Rust. Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [6873](https://redmine.openinfosecfoundation.org/issues/6873) Describe changes: - Refactor code in rust/src/detect to support re-usability - Implement the...
Continuation of #10991 This PR provides the `from_base64` transform used to match on content decoded with base64 using the mode (default rfc4648). Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [6487](https://redmine.openinfosecfoundation.org/issues/6487) Describe changes: -...
Continuation of #10988 When configured, include the reference value in the alert. The configuration value is in the `alert` section: types.alert.reference. The default value is off/no. Set to yes to...
7.0.x backport of issue: 6861 Without this commit, disabling rule profiling via suricatasc's command 'ruleset-profile-stop' may crash because profiling_rules_entered becomes negative. This can happen because - There can be multiple...