Feature #6396
closedAdd protocol string support for mqtt
Description
we would like the ability to sig on the protocol string content on mqtt traffic. The key/value is currently being logged:
"mqtt":{"connect":{"qos":0,"retain":false,"dup":false,"protocol_string":"MQIsdp","protocol_version":3,"client_id":"<snipped>
So something like mqtt.protocol_string would be great.
Updated by Jason Taylor about 1 year ago
When looking at the mqtt sources, I noticed what are probably the remnants from a copy/paste in detect-mqtt-type.c:
/**
* \brief Registration function for ipopts: keyword
*/
Totally a minor thing of course just figured a fixup could go in with this tickets main work
Updated by Sascha Steinbiss about 1 year ago
- Status changed from New to In Progress
- Label C, Needs Suricata-Verify test, Rust added
Updated by Sascha Steinbiss about 1 year ago
Jason Taylor wrote in #note-1:
When looking at the mqtt sources, I noticed what are probably the remnants from a copy/paste in detect-mqtt-type.c:
/**
- \brief Registration function for ipopts: keyword
*/Totally a minor thing of course just figured a fixup could go in with this tickets main work
True, will include that in the PR. Thanks for spotting this!
Updated by Sascha Steinbiss about 1 year ago
- Status changed from In Progress to In Review
Updated by Philippe Antoine about 1 year ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine about 1 year ago
- Status changed from In Review to Closed