From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Tue, 12 Jul 2022 13:07:49 +0000 (-0400)
Subject: stream/rules: add example rule for reassembly depth
X-Git-Tag: suricata-7.0.0-beta1~317
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4aa4ad3f7406acc4c69dd93f0a8193729240cfc9;p=thirdparty%2Fsuricata.git

stream/rules: add example rule for reassembly depth

Issue: 3512
---

diff --git a/rules/stream-events.rules b/rules/stream-events.rules
index 66998449d9..a267331875 100644
--- a/rules/stream-events.rules
+++ b/rules/stream-events.rules
@@ -98,5 +98,6 @@ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:
 # Disabled by default as this quite common and not malicious.
 #alert tcp any any -> any any (msg:"SURICATA STREAM spurious retransmission"; stream-event:pkt_spurious_retransmission; classtype:protocol-command-decode; sid:2210061; rev:1;)
 
-# next sid 2210062
+alert tcp any any -> any any (msg:"SURICATA STREAM reassembly depth reached"; stream-event:reassembly_depth_reached; classtype:protocol-command-decode; sid:2210062; rev:1;)
+# next sid 2210063