Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: add rule to check for tcp_mss - v2 #1436

Closed
wants to merge 1 commit into from
Closed

tests: add rule to check for tcp_mss - v2 #1436

wants to merge 1 commit into from

Conversation

0xEniola
Copy link
Contributor

@0xEniola 0xEniola commented Oct 23, 2023
edited
Loading

Test for rule type for tcp-mss keyword

Related to
Issue: #6355

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6355

Suricata PR: OISF/suricata#9681

@0xEniola
tests: add rule to check for tcp_mss
203e305 
Related to
Issue: #6355
@jufajardini jufajardini added outreachy Contributions made by Outreachy applicants requires suricata pr Depends on a PR in Suricata labels Oct 23, 2023
jufajardini
jufajardini requested changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work, I'm wondering about the rules - if we should have more.

I think there will be more work to be done here, depending on how the Suri side progresses...

tests/rules/tcp-mss/test.rules
Comment on lines +1 to +4
alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:50; sid:1;)
alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:>123; sid:2;)
alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:<536; sid:3;)
alert tcp any any -> any any (msg:"Testing mss"; tcp.mss:123-456; sid:4;)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if it would make sense to include other rules with the other possible operands here...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if it would make sense to include other rules with the other possible operands here...

I wrote the rules based off the format instruction for tcp.mss provided on the userguide.

So I don't know exactly.

But if you say to add it, then no problem still.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's why I said I'm wondering. On the one hand, it makes sense to showcase what the userguide says. On the other, it can be good to stretch things a bit and see how Suri reacts, you see?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's why I said I'm wondering. On the one hand, it makes sense to showcase what the userguide says. On the other, it can be good to stretch things a bit and see how Suri reacts, you see?

Yes! I understand.

@inashivb inashivb mentioned this pull request Oct 24, 2023
Closed
@0xEniola 0xEniola closed this Nov 11, 2023
@0xEniola 0xEniola deleted the sv-task-6355-v2 branch January 31, 2024 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini jufajardini requested changes

Assignees
No one assigned
Labels
outreachy Contributions made by Outreachy applicants requires suricata pr Depends on a PR in Suricata
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0xEniola @jufajardini