[Oisf-devel] RFC: DNS app layer and logging (WIP)
Victor Julien
victor at inliniac.net
Wed Apr 24 14:00:08 UTC 2013
Updated version:
https://github.com/inliniac/suricata/tree/dev-dns-parser-v1.3
On 04/23/2013 06:03 PM, Victor Julien wrote:
>>> - app layer events won't work correctly with UDP it seems. They alert,
>>> but then keep on alerting in consecutive packets. Need to look into it.
I added a fix for this, but we need to consider if this is right. The
commit is here:
https://github.com/inliniac/suricata/commit/cce88fade28f6bcf0c24e52be5db85ac929fcdfc
It simply resets the app layer events once we switch to a new TX to inspect.
Again, comments, review, etc welcome.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------