doc: add smb section to yaml

author Victor Julien <victor@inliniac.net>

Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst

index 4043deb6be98dbcbf23f318de58b1a6c7c52cb37..91a8b0f136bfcc693d5fc912449dc648aee7af31 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1447,6 +1447,29 @@ use of libhtp.
         # Accepted values - bestfit, status_400 and status_404.
         #set-path-unicode-mapping: bestfit
  
+Configure SMB (Rust)
+~~~~~~~~~~~~~~~~~~~~
+
+.. note:: for full SMB support compile Suricata with Rust support
+
+The SMB parser will parse version 1, 2 and 3 of the SMB protocol over TCP.
+
+To enable the parser add the following to the ``app-layer`` section of the YAML.
+
+::
+
+    smb:
+      enabled: yes
+      detection-ports:
+        dp: 139, 445
+
+The parser uses pattern based protocol detection and will fallback to ``probing parsers``
+if the pattern based detection fails. As usual, the pattern based detection is port
+independent. The ``probing parsers`` will only run on the ``detection-ports``.
+
+SMB is commonly used to transfer the DCERPC protocol. This traffic is also handled by
+this parser.
+
  Engine output
  -------------
author	Victor Julien <victor@inliniac.net>
	Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 29 Mar 2018 13:13:35 +0000 (15:13 +0200)