
detect/analyzer: add more details for tcp_mss - v5 #9777

Closed
wants to merge 1 commit into from

Conversation

0xEniola
Contributor

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6355

Previous PR: #9776

Describe changes:

  • Incorporate feedback from the last PR to fix addressing issues.

Output:

{
  "raw": "alert tcp any any -> any any (msg: "Testing mss"; tcp.mss: 123-456; sid: 4;)",
  "id": 4,
  "gid": 1,
  "rev": 0,
  "msg": "Testing mss",
  "app_proto": "unknown",
  "requirements": [],
  "type": "pkt",
  "flags": [
    "src_any",
    "dst_any",
    "sp_any",
    "dp_any",
    "need_packet",
    "toserver",
    "toclient"
  ],
  "pkt_engines": [
    {
      "name": "packet",
      "is_mpm": false
    }
  ],
  "frame_engines": [],
  "lists": {
    "packet": {
      "matches": [
        {
          "name": "tcp.mss",
          "tcp_mss": {
            "operand": "range",
            "min": 123,
            "max": 456
          }
        }
      ]
    }
  }
}
{
  "raw": "alert tcp any any -> any any (msg: "Testing mss"; tcp.mss: >=439; sid: 5;)",
  "id": 5,
  "gid": 1,
  "rev": 0,
  "msg": "Testing mss",
  "app_proto": "unknown",
  "requirements": [],
  "type": "pkt",
  "flags": [
    "src_any",
    "dst_any",
    "sp_any",
    "dp_any",
    "need_packet",
    "toserver",
    "toclient"
  ],
  "pkt_engines": [
    {
      "name": "packet",
      "is_mpm": false
    }
  ],
  "frame_engines": [],
  "lists": {
    "packet": {
      "matches": [
        {
          "name": "tcp.mss",
          "tcp_mss": {
            "operand": "greater than or equal to",
            "value": 439
          }
        }
      ]
    }
  }
}
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1462
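As an added illustration (not code from this PR or from Suricata itself), the following Python model shows what the analyzer output above encodes: it parses the tcp.mss value forms into the same operand/min/max/value structure and evaluates a parsed spec against a packet's MSS option. The operand names other than the two shown on this page, and the exclusive treatment of range bounds, are assumptions of this example.

```python
import re

# "range" and "greater than or equal to" appear in the PR output above;
# the remaining operand names are this example's assumptions.
MODE_NAMES = {"=": "equal", "!=": "not equal", "<": "less than",
              "<=": "less than or equal to", ">": "greater than",
              ">=": "greater than or equal to"}

def parse_tcp_mss(value):
    """Parse a tcp.mss keyword value ('123-456', '>=439', '1460') into the
    analyzer-style dict shown in the PR output."""
    value = value.strip()
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
    if m:
        lo, hi = int(m.group(1)), int(m.group(2))
        if not lo < hi <= 0xFFFF:  # MSS is a 16-bit TCP option field
            raise ValueError(f"bad tcp.mss range {value!r}")
        return {"operand": "range", "min": lo, "max": hi}
    m = re.fullmatch(r"(>=|<=|!=|>|<|=)?\s*(\d+)", value)
    if not m or int(m.group(2)) > 0xFFFF:
        raise ValueError(f"bad tcp.mss value {value!r}")
    return {"operand": MODE_NAMES[m.group(1) or "="], "value": int(m.group(2))}

def analyzer_match(raw_rule):
    """Pull the tcp.mss option out of a raw rule string and build the
    'matches' entry the engine analyzer emits for it (None if absent)."""
    m = re.search(r"tcp\.mss\s*:\s*([^;]+);", raw_rule)
    if not m:
        return None
    return {"name": "tcp.mss", "tcp_mss": parse_tcp_mss(m.group(1))}

def tcp_mss_matches(spec, mss):
    """Evaluate a parsed spec against a packet's MSS option value.
    The range form is treated as exclusive on both ends (an assumption)."""
    op = spec["operand"]
    if op == "range":
        return spec["min"] < mss < spec["max"]
    v = spec["value"]
    return {"equal": mss == v, "not equal": mss != v, "less than": mss < v,
            "less than or equal to": mss <= v, "greater than": mss > v,
            "greater than or equal to": mss >= v}[op]

if __name__ == "__main__":
    # Constructed sample: the two rules from the PR output, checked against
    # a typical Ethernet SYN MSS of 1460.
    for rule in ('alert tcp any any -> any any (msg:"Testing mss"; tcp.mss: 123-456; sid:4;)',
                 'alert tcp any any -> any any (msg:"Testing mss"; tcp.mss: >=439; sid:5;)'):
        entry = analyzer_match(rule)
        print(entry, "matches mss=1460:", tcp_mss_matches(entry["tcp_mss"], 1460))
```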

Add more details to the tcp.mss keyword engine analysis output
Issue: OISF#6355
@jufajardini jufajardini added the "outreachy" label (Contributions made by Outreachy applicants) on Nov 13, 2023

@jufajardini jufajardini left a comment


We're basically done, thanks!

See the online comment, the parameter type change was not reflected on the header file.

@@ -26,4 +26,6 @@

void DetectTcpmssRegister(void);

const char *DetectTcpmssModeToString(uint8_t mode);
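Review bot: the declaration `const char *DetectTcpmssModeToString(uint8_t mode);` added to this header does not match the function's definition; as the comment above notes, the parameter type was changed in the implementation but not reflected here. Update the prototype to take the same parameter type as the definition so that the header and the .c file agree on one signature.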
Contributor


nit: function signatures are not matching :P

Contributor Author


Sheesh!

🤣.

I'll sort that.

@0xEniola 0xEniola closed this Nov 13, 2023
@0xEniola 0xEniola deleted the tcp-mss-keyword-6355-v5 branch February 9, 2024 11:34