[Oisf-users] RFC: Yaml conf structure for enabling/disabling protocol parsers

Victor Julien lists at inliniac.net
Tue Dec 17 13:41:41 UTC 2013


On 12/17/2013 02:34 PM, Peter Manev wrote:
> On Tue, Dec 17, 2013 at 12:56 PM, Rich Rumble <richrumble at gmail.com> wrote:
>> On Tue, Dec 17, 2013 at 5:32 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>>> We are currently planning on updating the above parameters and
>>> introducing "ipproto" as a separate hierarchy.  The options currently
>>> under consideration are listed in the below link.
>>>
>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayerYaml
>>>
>>> Thoughts, comments welcome.
>>>
>>> Please specify the option (1, 2 or 3 from the above link) you prefer.
>>> If you have something different on your mind, please go ahead and
>>> introduce it, and we can deliberate on adding it to the list as well.
>>
>>
>> Option 1.
> 
> Option 1

What I dislike about this scheme is that it adds an extra layer of
nesting that is unnecessary for most protocols. Each layer of nesting is
an added opportunity for messing up the yaml, which is very strict on
indenting.

tcp:
  http:

Is redundant, for example.

There are a few protocols we support currently that need to specify
ipproto: dns and smb.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



