Bug #5038
Updated by Jason Ish about 2 years ago
A simple rule such as alert @tftp any any -> any any (msg:"test"; sid:10008; rev:1;)@ fails to load with the following error: [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "tftp" cannot be used in a signature. Either detection for this protocol is not yet supported OR detection has been disabled for protocol through the yaml option app-layer.protocols.tftp.detection-enabled This appears to have been broken with this commit in the master-6.0.x branch, https://github.com/OISF/suricata/commit/9daa22a021863508d497033939a353b61606de8a, and has been fixed in master with https://github.com/OISF/suricata/commit/c9d664b0a0d8e000aa3846e63b2f93b19302161b which cleanly cherry-picks into master-6.0.x. https://github.com/OISF/suricata/commit/c9d664b0a0d8e000aa3846e63b2f93b19302161b.