]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e583de0) | patch
file_data: check for signature alproto and flow 1574/head
authorGiuseppe Longo <giuseppelng@gmail.com>
Fri, 15 May 2015 09:05:29 +0000 (11:05 +0200)
committerGiuseppe Longo <giuseppelng@gmail.com>
Tue, 30 Jun 2015 14:39:42 +0000 (16:39 +0200)
commitd592d570396c19681d57e7bcb85ca13020424dbd
tree4bc4ed023b3f2daa0f0468217c5af878c4318757tree
parente583de05823c51694cb443d326e7b0ed13cb457ecommit | diff
file_data: check for signature alproto and flow

Currently the following rule can't be loaded:
alert tcp any any -> any 25 (msg:"SMTP file_data test"; flow:to_server,established; file_data; content:"abc";sid:1;)
and produces the error output:
"Can't use file_data with flow:to_server or from_client with http or smtp."

This checks if the alproto is not http in a signature,
so permits to use flow keyword also.

Issue reported by rmkml.
src/detect-file-data.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git