I am writing a rule where I wanted to use byte_jump and from_end. Reading the docs:
https://suricata.readthedocs.io/en/suricata-5.0.2/rules/payload-keywords.html#byte-jump
It appears that it should work, but trying the example in the doc returns the following when attempting to load the rule into any Suricata version:
Problem starting Suricata daemon: [2101] 8/4/2020 -- 18:08:31 - (detect-bytejump.c:462) (DetectBytejumpParse) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Unknown option: "from_end"
Also, looking at detect-bytejump.c, I don’t see the from_end argument defined. Thanks in advance for any guidance!
JT