[Oisf-users] Suricata code queries
Nafisa Mandliwala
nafisa.mandliwala at gmail.com
Tue Apr 9 17:06:37 UTC 2019
Hi all,
I've been browsing the Suricata code for a while and had a few questions.
I'd be glad if someone could help clarify:
1. Since a single thread does decode-stream-detect for a packet, a
stream could be incomplete when it goes to the "detect" phase.
How do you apply rules to an incomplete stream? Does the "detect" phase
wait for the stream to complete?
2. How does Hyperscan work with Suricata? Do you send packets to it or a
stream? I don't see a specific interface where one can inject a stream
instead of packets.
Thanks,
Nafisa