[Oisf-devel] RFC: DNS app layer and logging (WIP)

Victor Julien victor at inliniac.net
Fri Jun 28 09:11:37 UTC 2013


On 06/28/2013 11:08 AM, Peter Manev wrote:
> On Fri, Jun 28, 2013 at 11:01 AM, Victor Julien <victor at inliniac.net> wrote:
>> On 05/02/2013 05:40 PM, Peter Manev wrote:
>>>>> Updated branch:
>>>>> https://github.com/inliniac/suricata/tree/dev-dns-parser-v1.4
>>>>>
>>>>> https://github.com/inliniac/suricata/commit/3722631091883f7396a88cbdb8ef72dbaac164ff
>>>>> adds the core engine support for TX based decoder events.
>>>>>
>>>>
>>>> As a suggestion it would be better if we pushed dns out once we get
>>>> the tx fix work in.  Mainly for 2 reasons -
>>>>
>>>> 1. Much easier to rebase dns work over tx work, than the other way round.
>>>> 2. You can fine tune the dns parser + detection, keeping in mind the tx design.
>>>>
>>> Sounds reasonable to me.
>>> When do you gentlemen think (in general) that we could push out a
>>> stable dns parser?
>>
>> The DNS parser and logger have now been pushed into master.
>>
> 
> cool.
> I am going to deploy that (play around with it) over the weekend on
> our test box.
> @Victor - "alert dns any any ...." are there any other keywords available?

From earlier post:

"Added a detection engine and keyword:

- content modifier "dns_query" that matches on the DNS query name
- added /F pcre option to match on the same"

That's it for now. Adding more will not be hard.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------