Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

userguide: document frame rule keyword - v1 #6927

Closed
wants to merge 1 commit into from
Closed

userguide: document frame rule keyword - v1 #6927

wants to merge 1 commit into from

Conversation

jufajardini
Copy link
Contributor

Add a section about the frame keyword, explaining basic usages, listing
protocols that support said keyword and showing a few rule examples
taken from suricata-verify tests.

Task #4980

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4980

@jufajardini
userguide: document frame rule keyword
4fdeb89 
Add a section about the frame keyword, explaining basic usages, listing
protocols that support said keyword and showing a few rule examples
taken from suricata-verify tests.

Task OISF#4980
@codecov
Copy link

codecov bot commented Feb 4, 2022

Codecov Report

Merging #6927 (4fdeb89) into master (b0cad24) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #6927      +/-   ##
==========================================
- Coverage   77.75%   77.73%   -0.02%     
==========================================
  Files         628      601      -27     
  Lines      185708   185015     -693     
==========================================
- Hits       144388   143830     -558     
+ Misses      41320    41185     -135
Flag Coverage Δ
fuzzcorpus 58.32% <ø> (-0.24%) ⬇️
suricata-verify 54.44% <ø> (+0.06%) ⬆️
unittests 63.13% <ø> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

victorjulien
victorjulien reviewed Feb 4, 2022
View reviewed changes
doc/userguide/rules/frame-keywords.rst
@@ -0,0 +1,80 @@
Frame Keywords
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think it would be good to add a block on the shorthand notation, e.g.

with tls.pdu, you can use it as alert tcp ... frame:pdu.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL. Thanks. :P

@jufajardini jufajardini mentioned this pull request Feb 4, 2022
Closed
@jufajardini
Copy link
Contributor Author

Requested change incorporated with: #6930

@jufajardini jufajardini closed this Feb 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@jufajardini @victorjulien