detect: allow rule which need both directions to match #12405

Open
wants to merge 1 commit into
base: master

catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5665

Describe changes:

  • allows bidirectional signature matching!

SV_BRANCH=OISF/suricata-verify#2083

#11900 with commits squashed together

Ongoing question: usage of new keyword `bidir.toserver` or tweaking `flow: toserver` (or something else) in the case of a bidirectional signature with direction-ambiguous keywords?

Ticket: 5665

This is done with `alert ip any any => any any`
The => operator means that we will need both directions

codecov bot commented Jan 16, 2025

Codecov Report

Attention: Patch coverage is 76.34409% with 44 lines in your changes missing coverage. Please review.

Project coverage is 80.64%. Comparing base (078c646) to head (8ee9d12).

Additional details and impacted files
```diff
@@           Coverage Diff            @@
##           master   #12405    +/-   ##
========================================
  Coverage   80.63%   80.64%            
========================================
  Files         917      917            
  Lines      258687   258864   +177     
========================================
+ Hits       208601   208752   +151     
- Misses      50086    50112    +26     
```

| Flag | Coverage Δ |
|---|---|
| fuzzcorpus | 56.78% <38.70%> (-0.03%) ⬇️ |
| livemode | 19.38% <10.75%> (-0.02%) ⬇️ |
| pcap | 44.27% <26.88%> (+0.01%) ⬆️ |
| suricata-verify | 63.28% <74.73%> (+0.06%) ⬆️ |
| unittests | 58.49% <31.18%> (-0.03%) ⬇️ |


@suricata-qa

Information: QA ran without warnings.

Pipeline 24242
