
detect: app-layer-protocol keyword with modes #10256

Closed


catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4921

Describe changes:

  • detect: app-layer-protocol keyword with modes

In particular, this allows considering the final protocol, to write rules like
alert tcp any any -> any 80 (msg:"non-HTTP traffic over HTTP standard port"; flow:to_server; app-layer-protocol:!http; sid:1;)

SV_BRANCH=pr/1613

OISF/suricata-verify#1613

@suricata-qa

WARNING:

field baseline test %
build_asan

Pipeline 17767

@catenacyber catenacyber force-pushed the detect-app-layer-proto-4921-v1 branch from 25df136 to 193959f on January 29, 2024 13:58
@catenacyber catenacyber marked this pull request as draft January 29, 2024 13:58
@catenacyber
Contributor Author

Draft because of messy history, checking for CI

Ticket: 4921

The app-layer-protocol keyword accepts an optional mode to specify
which protocol we want to match: toclient, toserver, final,
or original
@catenacyber catenacyber force-pushed the detect-app-layer-proto-4921-v1 branch from 193959f to f4ee0ae on January 29, 2024 14:03
@suricata-qa

WARNING:

field baseline test %
build_asan

Pipeline 17820


codecov bot commented Jan 29, 2024

Codecov Report

Attention: 55 lines in your changes are missing coverage. Please review.

Comparison is base (c3b3c11) 82.28% compared to head (f4ee0ae) 82.30%.

@@            Coverage Diff             @@
##           master   #10256      +/-   ##
==========================================
+ Coverage   82.28%   82.30%   +0.01%     
==========================================
  Files         977      977              
  Lines      271950   272008      +58     
==========================================
+ Hits       223784   223886     +102     
+ Misses      48166    48122      -44     
Flag             Coverage Δ
fuzzcorpus       63.48% <32.22%> (+0.08%) ⬆️
suricata-verify  61.50% <36.66%> (-0.03%) ⬇️
unittests        62.81% <15.55%> (-0.02%) ⬇️


@suricata-qa

Information: QA ran without warnings.

Pipeline 17821

@victorjulien
Member

Title doesn't give me any idea what this is about, so I guess it would be good to pick a better title/subject here

@catenacyber
Contributor Author

> Title doesn't give me any idea what this is about, so I guess it would be good to pick a better title/subject here

Tried better in #10296

@catenacyber catenacyber closed this Feb 1, 2024