[Oisf-devel] Problem identifying direction correctly for app-layer preprocessor

Adrian Falk adrianfalk2 at gmail.com
Sat Dec 27 19:00:53 UTC 2014


I'm working on an app-layer preprocessor for a TCP-based protocol, modeled
after Modbus.

While running different traffic through my app-layer preprocessor, I notice
that when replaying certain capture files the protocol packets identified are
in the wrong direction (a to-server packet is identified as a to-client
packet). I have also noticed that for certain other capture files the
preprocessor doesn't successfully identify any protocol packets although
such packets are present.

I'm running Suricata as follows:

    suricata -c /etc/suricata.yaml -r protocol.pcap

I'm using Suricata 2.0.4 with mostly default settings, except I'm running
with 'midstream equal to true'.

What function in RegisterXParsers() ensures that the protocol packets are
identified successfully and in the correct direction?

Thanks.