suricata
suricata copied to clipboard
OISF
detect: add options to app-layer-protocol keyword
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/4921
Describe changes:
- detect: app-layer-protocol keyword with modes
Allows especially to consider the final protocol to write rules like
alert tcp any any -> any 80 (msg:"non-HTTP traffic over HTTP standard port"; flow:to_server; app-layer-protocol:!http; sid:1;)
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1613
#10626 with explicit mode direction for the default case
Codecov Report
Attention: Patch coverage is 37.63441% with 58 lines in your changes are missing coverage. Please review.
Project coverage is 83.59%. Comparing base (
f14a4a1) to head (d6fa4ac).
Additional details and impacted files
@@ Coverage Diff @@
## master #11022 +/- ##
==========================================
+ Coverage 80.66% 83.59% +2.92%
==========================================
Files 923 923
Lines 250204 250453 +249
==========================================
+ Hits 201833 209367 +7534
+ Misses 48371 41086 -7285
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 64.17% <31.18%> (-0.14%) |
:arrow_down: |
| livemode | 18.41% <0.00%> (-0.01%) |
:arrow_down: |
| suricata-verify | 62.75% <35.48%> (?) |
|
| unittests | 62.31% <15.05%> (-0.02%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov shows no coverage for the prefilter func, as well as for most of the new modes. Can you add some SV tests?
