Feature #5446: allow ranges in dns.opcode value - Suricata - Open Information Security Foundation

Actions

Feature #5446

closed

allow ranges in dns.opcode value

Added by Jason Taylor almost 2 years ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Effort:

Difficulty:

Label:

Description

It would be nice to be able to write a single rule looking for a range of opcodes or not looking (excluding) a range of opcodes.

examples:

alert dns any any -> any any (msg:"dns unassigned opcodes in dns query"; dns.opcode:7-15; sid:123; rev:1;)

alert dns any any -> any any (msg:"dns opcode other than assigned opcode in dns query"; dns.opcode:!1-6; sid:123; rev:1;)

Related issues 3 (2 open — 1 closed)

Actions

#1

Updated by Victor Julien over 1 year ago

@Philippe Antoine could this somehow be implemented as part of the general detect int work?

Actions

#2

Updated by Philippe Antoine 11 months ago

Assignee changed from OISF Dev to Philippe Antoine

Actions

#3

Updated by Philippe Antoine 10 months ago

Target version changed from TBD to 8.0.0-beta1

Actions

#4

Updated by Philippe Antoine 5 months ago

Status changed from New to In Review

https://github.com/OISF/suricata/pull/9925

Actions

#5

Updated by Philippe Antoine 3 months ago

Related to Feature #6646: detect: integer: support negated ranges added

Actions

#6

Updated by Philippe Antoine 3 months ago

Related to Feature #6644: tracking: detect: integer as first-class support added

Actions

#7

Updated by Philippe Antoine 3 months ago

Related to Feature #6723: detect: review existing keywords for usage of enumerations added

Actions

#8

Updated by Philippe Antoine 3 months ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/10280

Actions

Also available in: Atom PDF