
Add payload-only-classtypes filtering to suricata conf to filter payl…#14737

Open
Aboussejra wants to merge 1 commit into OISF:main from Aboussejra:payload-classtype-filter-feature-8245-v4

Conversation


@Aboussejra Aboussejra commented Feb 2, 2026

…oad dump by classtype if needed

Make sure these boxes are checked accordingly before submitting your Pull Request -- thank you.

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/

Describe changes:

Provide values to any of the below to override the defaults.

  • To use a Suricata-Verify or Suricata-Update pull request,
    link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2895
SU_REPO=
SU_BRANCH=

@victorjulien victorjulien left a comment

Not convinced the string-based design is the best here.

}

// Check if classtype in alert matches any in the filter list
const char *alert_classtype = pa->s->classtype;
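Review bot: `alert_classtype` needs a NULL guard before the comparison loop that follows this line if a signature can be loaded without a classtype; otherwise the first strcmp against it dereferences a null pointer. Because this code runs for every alert, the list walk is also worth replacing with a load-time resolution of the configured classtypes to integer ids and a single bit test per alert, which is the bitarray approach suggested in review.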

I'm not too fond of this strcmp loop in a critical path. Can we find a better solution? E.g. a class id in a bitarray or something?
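As an added illustration of the bitarray alternative raised in the comment above (this is example code written for this page, not code from the pull request or from Suricata itself), the program below puts the per-alert strcmp walk over the configured list next to a filter that resolves classtype names to small integer ids when the configuration is loaded and then answers each alert with one bit test. The names ClasstypeTable, ClasstypeLookup, PayloadClasstypeFilterInit, PayloadClasstypeFilterMatch and PayloadClasstypeFilterMatchStr, the 64-id limit, and the rule that an alert without a classtype gets no payload once a list is configured are assumptions made for the example; the classtypes, configuration list and alerts are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classtype registry standing in for Suricata's classification
 * table: every classtype name seen at signature load gets a small integer id. */
#define MAX_CLASSTYPES 64 /* one uint64_t bitset; a limit chosen for the example */

typedef struct ClasstypeTable {
    const char *names[MAX_CLASSTYPES];
    uint32_t count;
} ClasstypeTable;

/* Name -> id, or -1 if unknown. Used at load time only, never per alert. */
static int ClasstypeLookup(const ClasstypeTable *t, const char *name)
{
    for (uint32_t i = 0; i < t->count; i++)
        if (strcmp(t->names[i], name) == 0) return (int)i;
    return -1;
}

/* Filter keyed by classtype id: bit i set means alerts with id i get a payload. */
typedef struct PayloadClasstypeFilter {
    uint64_t bits;
    bool enabled; /* false when no list is configured: every payload is dumped */
} PayloadClasstypeFilter;

/* Built once from the configured string list; names no rule uses are reported
 * and skipped. Returns the number of names skipped. */
static int PayloadClasstypeFilterInit(PayloadClasstypeFilter *f, const ClasstypeTable *t,
                                      const char *const *conf_list, size_t n)
{
    int unknown = 0;
    f->bits = 0;
    f->enabled = (n > 0);
    for (size_t i = 0; i < n; i++) {
        int id = ClasstypeLookup(t, conf_list[i]);
        if (id < 0) {
            fprintf(stderr, "payload-only-classtypes: unknown classtype '%s' ignored\n",
                    conf_list[i]);
            unknown++;
        } else {
            f->bits |= (uint64_t)1 << id;
        }
    }
    return unknown;
}

/* Hot path, per alert: one bit test and no string comparison. A signature
 * without a classtype (id -1) never matches a configured list. */
static inline bool PayloadClasstypeFilterMatch(const PayloadClasstypeFilter *f, int class_id)
{
    if (!f->enabled) return true;
    if (class_id < 0 || class_id >= MAX_CLASSTYPES) return false;
    return (f->bits >> class_id) & 1u;
}

/* Baseline with the same semantics: strcmp over the list on every alert, with
 * the NULL guard a signature without a classtype needs. */
static bool PayloadClasstypeFilterMatchStr(const char *const *list, size_t n,
                                           const char *alert_classtype)
{
    if (n == 0) return true;
    if (alert_classtype == NULL) return false;
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], alert_classtype) == 0) return true;
    return false;
}

/* Runs one variant over constructed data and returns how many of the six
 * alerts would have their payload dumped; both variants must agree (3). */
static int DemoRun(bool use_strcmp)
{
    /* Constructed classtypes, as a ruleset would have registered them. */
    ClasstypeTable table = { .names = { "trojan-activity", "attempted-admin",
                                        "policy-violation", "not-suspicious" },
                             .count = 4 };

    /* Constructed payload-only-classtypes list, with one name no rule uses. */
    static const char *const conf_list[] = {
        "trojan-activity", "attempted-admin", "no-such-classtype" };
    PayloadClasstypeFilter filter;
    PayloadClasstypeFilterInit(&filter, &table, conf_list, 3);

    /* Constructed alerts: classtype of the signature that fired, NULL = none. */
    static const char *const alerts[] = { "trojan-activity", "policy-violation",
        "attempted-admin", NULL, "not-suspicious", "trojan-activity" };
    int dumped = 0;
    for (size_t i = 0; i < 6; i++) {
        bool dump;
        if (use_strcmp) {
            dump = PayloadClasstypeFilterMatchStr(conf_list, 3, alerts[i]);
        } else {
            /* The id would be stored on the signature at load; resolved here for the demo. */
            int id = alerts[i] ? ClasstypeLookup(&table, alerts[i]) : -1;
            dump = PayloadClasstypeFilterMatch(&filter, id);
        }
        if (dump) dumped++;
    }
    return dumped;
}
```

The string work (lookup, warning about unknown names) happens once in PayloadClasstypeFilterInit; the per-alert path is a bounds check and a shift. The unknown name in the constructed list is reported on stderr and dropped rather than silently ignored, so a typo in suricata.yaml does not quietly disable payload logging for a classtype the operator expected to keep.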

codecov bot commented Feb 3, 2026

Codecov Report

❌ Patch coverage is 76.92308% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.16%. Comparing base (81572cb) to head (02e78f3).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14737      +/-   ##
==========================================
- Coverage   82.17%   82.16%   -0.02%     
==========================================
  Files        1008     1008              
  Lines      263916   263979      +63     
==========================================
+ Hits       216868   216890      +22     
- Misses      47048    47089      +41     
Flag             Coverage Δ
fuzzcorpus       60.18% <20.00%> (-0.02%) ⬇️
livemode         18.75% <23.07%> (+0.04%) ⬆️
netns            18.48% <15.38%> (-0.04%) ⬇️
pcap             44.62% <24.61%> (+<0.01%) ⬆️
suricata-verify  65.29% <76.92%> (-0.08%) ⬇️
unittests        59.34% <9.23%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown.
