Hi,
Suricata version 7.0.0-dev (dff7e7d34 2022-01-25)
I’m testing the new frame-support feature. But with a simple rule, it returns an error:
```
ERRCODE: SC_ERR_INVALID_RULE_ARGUMENT(270)] - unknown app proto 'smb1' for 'frame
```
rule:
```
alert tcp any any -> any any (frame:smb1.data; content:"DATA"; sid:1001; rev:1;)
```
yaml:
```yaml
# app layer frames
- frame:
    # disabled by default as this is very verbose.
    enabled: yes
- smb
```
If I modify the rule and change “smb1” to “telnet” then it works. It doesn’t give an error at first. But when I run a telnet:…
```
suricata: detect-engine-frame.c:345: DetectEngineInspectFrameBufferGeneric: Assertion `!((int64_t)data_len > frame->len)' failed.
```
…