[Oisf-devel] RFC: DNS app layer and logging (WIP)

Anoop Saldanha anoopsaldanha at gmail.com
Wed Apr 24 14:59:16 UTC 2013


On Wed, Apr 24, 2013 at 7:30 PM, Victor Julien <victor at inliniac.net> wrote:
> Updated version:
> https://github.com/inliniac/suricata/tree/dev-dns-parser-v1.3
>
> On 04/23/2013 06:03 PM, Victor Julien wrote:
>>>> - app layer events won't work correctly with UDP it seems. They alert,
>>>> but then keep on alerting in consecutive packets. Need to look into it.
>
> I added a fix for this, but we need to consider if this is right. The
> commit is here:
> https://github.com/inliniac/suricata/commit/cce88fade28f6bcf0c24e52be5db85ac929fcdfc
>
> It simply resets the app layer events once we switch to a new TX to inspect.
>
> Again, comments, review, etc welcome.
>

It will work, but it's not right from where I see.  Events should be per tx.

-- 
Anoop Saldanha


