suricata
suricata copied to clipboard
Published
20 hours ago •
OISF
OISF
smb: New keyword smb.version v5
Make sure these boxes are signed before submitting your Pull Request -- thank you.
- [X] I have read the contributing guide lines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
- [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
- [X] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5075
Describe changes:
- New keyword smb.version added, which allows to match the packets of specif version of smb, that can be 1 or 2.
- Documentation for the keyword added (created SMB keyword documentation)
Example of rule alert smb any any -> any any (msg: "SMBv2 message"; smb.version: 2; sid: 1;) . More examples in documentation.
suricata-verify-pr: 740
Codecov Report
Merging #7336 (421a5ad) into master (2ebb525) will decrease coverage by
1.91%. The diff coverage is77.27%.
@@ Coverage Diff @@
## master #7336 +/- ##
==========================================
- Coverage 77.68% 75.77% -1.92%
==========================================
Files 628 657 +29
Lines 185657 190109 +4452
==========================================
- Hits 144232 144046 -186
- Misses 41425 46063 +4638
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.25% <30.00%> (+2.20%) |
:arrow_up: |
| suricata-verify | 51.58% <82.92%> (-2.87%) |
:arrow_down: |
| unittests | 61.01% <32.43%> (-2.03%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Closing due to inactivity. If you're interested in picking this back up, please open a new PR addressing the comments. Thanks!
