hi there is an example show that quic can not detect well.
udp port not 443 or 80
quic.pcap (43.5 KB)
alert quic any any → any any (msg:“QUIC TEST”; sid:999;)
Suricata 7.0.1-dev (f58bc4d 2023-10-12)
UPDATE
modify quic decoder,add 16847 into the default port list ,it works.
why the any(dest port) not work?