Documentation #5088
closed
Documentation #5182: userguide: better document rule keywords
file.name sticky buffer is not documented
Added by Eloy PĂ©rez almost 3 years ago.
Updated 9 months ago.
Description
The file.name sticky buffer is not documented. It should be documented in /rules/file-keywords.html#filename as the code in detect-filename.c points, but only the keyword filename is documented.
Moreover, there should be references to this sticky buffer in all related protocols documentation where is used, in order to be easier a user to find it. The related protocols are:
- HTTP
- SMTP
- FTP
- NFS
- SMB
- HTTP2
Related issues
1 (1 open — 0 closed)
Juliana Fajardini Reichow wrote in #note-3:
Jason Taylor wrote in #note-2:
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
I think the main part, yes. As a user, how do you feel about the request that this is referenced in the related protocols' sections, too, though?
Ah yes, good point. That would be nice to have, let me know if this is something I could submit and I can put something together (as it's currently assigned to oisf dev, I don't want to steal anyones fun :) )
JT
- Assignee changed from OISF Dev to Jason Taylor
- Target version changed from TBD to 7.0.2
Jason Taylor wrote in #note-4:
Juliana Fajardini Reichow wrote in #note-3:
Jason Taylor wrote in #note-2:
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
I think the main part, yes. As a user, how do you feel about the request that this is referenced in the related protocols' sections, too, though?
Ah yes, good point. That would be nice to have, let me know if this is something I could submit and I can put something together (as it's currently assigned to oisf dev, I don't want to steal anyones fun :) )
JT
Haha, thanks for asking, but if I recall correctly, this is the new default, to ensure tickets are not left without an assignee...
Your contributions are very welcome! I'll assign this to you, then :) :)
- Status changed from New to In Review
- Related to Bug #5754: I use the file-extraction to store the files transferred by HTTP2, but fileinfo does not have the filename field. added
- Target version changed from 7.0.2 to 7.0.3
- Target version changed from 7.0.3 to 8.0.0-beta1
- Status changed from In Review to Resolved
- Status changed from Resolved to Closed
Also available in: Atom
PDF