mirror of https://github.com/OISF/suricata
Commit (11 years ago):

Instead of the notion of toserver and toclient protocol detection, use destination port and source port.

Independent of the data direction, the flow's port settings will be used to find the correct probing parser, where we first try the dest port, and if that fails the source port.

Update the configuration file format, where toserver is replaced by 'dp' and toclient by 'sp'. Toserver is interpreted as 'dp' and toclient as 'sp' for backwards compatibility.

Example for dns:

    dns:
      # memcaps. Globally and per flow/state.
      #global-memcap: 16mb
      #state-memcap: 512kb

      # How many unreplied DNS requests are considered a flood.
      # If the limit is reached, app-layer-event:dns.flooded; will match.
      #request-flood: 500

      tcp:
        enabled: yes
        detection-ports:
          dp: 53
      udp:
        enabled: yes
        detection-ports:
          dp: 53

Like before, progress of protocol detection is tracked per flow direction.

Bug #1142.

Name | Last change | |
---|---|---|
benches | 16 years ago | |
contrib | 12 years ago | |
doc | 13 years ago | |
m4 | 16 years ago | |
qa | 11 years ago | |
rules | 11 years ago | |
scripts | 13 years ago | |
src | 11 years ago | |
.gitignore | 12 years ago | |
COPYING | 16 years ago | |
ChangeLog | 12 years ago | |
LICENSE | 16 years ago | |
Makefile.am | 12 years ago | |
Makefile.cvs | 16 years ago | |
acsite.m4 | 16 years ago | |
autogen.sh | 13 years ago | |
classification.config | 16 years ago | |
config.rpath | 12 years ago | |
configure.ac | 12 years ago | |
doxygen.cfg | 12 years ago | |
reference.config | 14 years ago | |
suricata.yaml.in | 11 years ago | |
threshold.config | 13 years ago |