Task #6352
openTask #6308: detect/analyzer: add more keyword details
detect/analyzer: add more details for the tcp window keyword
Description
Add more details to the tcp window keyword engine analysis output.
See what the TCP windows keyword has on https://docs.suricata.io/en/latest/rules/header-keywords.html#window
There are more general explanations in the parent task.
Updated by Juliana Fajardini Reichow about 1 year ago
- Copied from Task #6351: detect/analyzer: add more details for the xbits keyword added
Updated by Juliana Fajardini Reichow about 1 year ago
- Copied to Task #6353: detect/analyzer: add more details for the tcp seq keyword added
Updated by Victor Julien 5 months ago
- Target version changed from 8.0.0-beta1 to TBD
Updated by Nancy Enos 9 days ago
I would like to work on this ticket, should i just assign it to myself?
also am not sure how to represent the negation detail of tcp-window.
jb_set_bool(js, "negation", wd->negated);thats what am thinking
Updated by Juliana Fajardini Reichow 9 days ago
Nancy Enos wrote in #note-4:
I would like to work on this ticket, should i just assign it to myself?
Hi, yes, please feel free to assign it to yourself.
also am not sure how to represent the negation detail of tcp-window.
jb_set_bool(js, "negation", wd->negated);
thats what am thinking
Checking some suricata-verify tests that have keywords that allow for negation, I see that we usually use negated, so I would go with that:
jb_set_bool(js, "negated", wd->negated);
Updated by Nancy Enos 9 days ago
- Status changed from New to Assigned
- Assignee changed from Community Ticket to Nancy Enos
Updated by Juliana Fajardini Reichow 8 days ago
- Status changed from Assigned to In Progress
Updated by Juliana Fajardini Reichow 8 days ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/12024
Updated by Juliana Fajardini Reichow 8 days ago
- Target version changed from TBD to 8.0.0-beta1