smb: New keyword smb.version v5
Make sure these boxes are signed before submitting your Pull Request -- thank you.
- [X] I have read the contributing guide lines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
- [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
- [X] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5075
Describe changes:
- New keyword smb.version added, which allows matching packets of a specific SMB version, which can be 1 or 2.
- Documentation for the keyword added (created SMB keyword documentation)
Example of rule: `alert smb any any -> any any (msg: "SMBv2 message"; smb.version: 2; sid: 1;)`. More examples in documentation.
suricata-verify-pr: 740
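As an added illustration, not code from this PR or from Suricata itself: a minimal detector for what the new keyword distinguishes, the SMB1 header (`0xFF 'SMB'`, 32 bytes) versus the SMB2 header (`0xFE 'SMB'`, 64 bytes), plus the example rule's `smb.version` option applied to two constructed NEGOTIATE messages. Treating SMB 3.x (which reuses the SMB2 header) as version 2 is my assumption about the keyword's semantics, and `parse_rule_options` is a toy rule parser, not Suricata's.

```python
# Added illustration (not Suricata code): SMB1 vs SMB2/3 header detection and
# the example rule's smb.version option applied to constructed messages.
# Header layouts follow MS-SMB 2.2.3.1 and MS-SMB2 2.2.1.

SMB1_MAGIC = b"\xffSMB"  # SMB1 ProtocolId, 32-byte header
SMB2_MAGIC = b"\xfeSMB"  # SMB2 ProtocolId, 64-byte header; SMB 3.x reuses it,
                         # so it is reported as 2 here (assumed keyword semantics)

def smb_version(segment: bytes):
    """Return 1 for SMB1, 2 for SMB2/3, or None if the segment is not SMB.

    `segment` is the TCP payload on port 445: a 4-byte NetBIOS Session Service
    header (type 0x00 + 24-bit big-endian length) followed by the SMB PDU.
    """
    if len(segment) < 4 or segment[0] != 0x00:
        return None
    length = int.from_bytes(segment[1:4], "big")
    pdu = segment[4:4 + length]
    if len(pdu) != length:  # truncated frame: do not guess
        return None
    if pdu.startswith(SMB1_MAGIC) and len(pdu) >= 32:
        return 1
    if pdu.startswith(SMB2_MAGIC) and len(pdu) >= 64:
        return 2
    return None

def parse_rule_options(rule: str) -> dict:
    """Split a rule's "key: value;" option list (inside the parentheses) into a dict."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    options = {}
    for item in body.split(";"):
        if item.strip():
            key, _, value = item.partition(":")
            options[key.strip()] = value.strip().strip('"')
    return options

def rule_matches(rule: str, segment: bytes) -> bool:
    """True when the rule's smb.version option equals the version on the wire."""
    wanted = parse_rule_options(rule).get("smb.version")
    return wanted is not None and smb_version(segment) == int(wanted)

def nbss(pdu: bytes) -> bytes:
    """Prepend the NetBIOS Session Service header used for SMB over TCP/445."""
    return b"\x00" + len(pdu).to_bytes(3, "big") + pdu

# Constructed sample traffic: minimal NEGOTIATE headers with all other fields zero.
SMB1_NEGOTIATE = nbss(SMB1_MAGIC + b"\x72" + b"\x00" * 27)      # SMB_COM_NEGOTIATE
SMB2_NEGOTIATE = nbss(SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58)  # StructureSize 64
EXAMPLE_RULE = 'alert smb any any -> any any (msg: "SMBv2 message"; smb.version: 2; sid: 1;)'
```

Running `rule_matches(EXAMPLE_RULE, seg)` over the two samples fires only for the SMB2 one; a frame whose NetBIOS length exceeds the bytes present is reported as not-SMB rather than guessed.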
Codecov Report
Merging #7336 (421a5ad) into master (2ebb525) will decrease coverage by 1.91%. The diff coverage is 77.27%.
```diff
@@            Coverage Diff             @@
##           master    #7336      +/-   ##
==========================================
- Coverage   77.68%   75.77%   -1.92%
==========================================
  Files         628      657      +29
  Lines      185657   190109    +4452
==========================================
- Hits       144232   144046     -186
- Misses      41425    46063    +4638
```
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.25% <30.00%> (+2.20%) | :arrow_up: |
| suricata-verify | 51.58% <82.92%> (-2.87%) | :arrow_down: |
| unittests | 61.01% <32.43%> (-2.03%) | :arrow_down: |

Flags with carried forward coverage won't be shown.
Closing due to inactivity. If you're interested in picking this back up, please open a new PR addressing the comments. Thanks!