[Oisf-devel] Develop a pre-processor for a TCP based protocol

Adrian Falk adrianfalk2 at gmail.com
Mon Sep 29 15:01:21 UTC 2014


Hello,

I am thinking about how to develop a Suricata pre-processor for a TCP based
L7 protocol. I have looked at the Suricata source code and have also reviewed
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Packet_Inspection_Module


I have the following questions:

1. Adding code as per the above document will allow me to add new keywords
as well as allow me to perform protocol packet boilerplate checks (len,
checksum, etc.). Correct?

2. How would I add support for protocol detection?

3. How would I add stateful packet processing for the L7 protocol?

Thanks.

