Project

General

Profile

Actions

Documentation #5088

closed

Documentation #5182: userguide: better document rule keywords

file.name sticky buffer is not documented

Added by Eloy PĂ©rez over 2 years ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The file.name sticky buffer is not documented. It should be documented in /rules/file-keywords.html#filename as the code in detect-filename.c points, but only the keyword filename is documented.

Moreover, there should be references to this sticky buffer in all related protocols documentation where is used, in order to be easier a user to find it. The related protocols are:

  • HTTP
  • SMTP
  • FTP
  • NFS
  • SMB
  • HTTP2

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #5754: I use the file-extraction to store the files transferred by HTTP2, but fileinfo does not have the filename field.NewOISF DevActions
Actions

Also available in: Atom PDF