[Oisf-devel] RFC: DNS app layer and logging (WIP)

Peter Manev petermanev at gmail.com
Fri Jun 28 09:08:19 UTC 2013


On Fri, Jun 28, 2013 at 11:01 AM, Victor Julien <victor at inliniac.net> wrote:
> On 05/02/2013 05:40 PM, Peter Manev wrote:
>>>> Updated branch:
>>>> https://github.com/inliniac/suricata/tree/dev-dns-parser-v1.4
>>>>
>>>> https://github.com/inliniac/suricata/commit/3722631091883f7396a88cbdb8ef72dbaac164ff
>>>> adds the core engine support for TX based decoder events.
>>>>
>>>
>>> As a suggestion it would be better if we pushed dns out once we get
>>> the tx fix work in.  Mainly for 2 reasons -
>>>
>>> 1. Much easier to rebase dns work over tx work, than the other way round.
>>> 2. You can fine tune the dns parser + detection, keeping in mind the tx design.
>>>
>> Sounds reasonable to me.
>> When do you gentlemen think (in general) that we could push out a
>> stable DNS parser?
>
> The DNS parser and logger have now been pushed into master.
>

Cool.
I am going to deploy that (play around with it) over the weekend on
our test box.
@Victor - "alert dns any any ...." are there any other keywords available?


> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/



--
Regards,
Peter Manev


