[Oisf-users] RFC: Yaml conf structure for enabling/disabling protocol parsers
Rich Rumble
richrumble at gmail.com
Tue Dec 17 13:46:15 UTC 2013
On Tue, Dec 17, 2013 at 8:41 AM, Victor Julien <lists at inliniac.net> wrote:
> On 12/17/2013 02:34 PM, Peter Manev wrote:
>> On Tue, Dec 17, 2013 at 12:56 PM, Rich Rumble <richrumble at gmail.com> wrote:
>>> On Tue, Dec 17, 2013 at 5:32 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>>>> We are currently planning on updating the above parameters and
>>>> introducing "ipproto" as a separate hierarchy. The options currently
>>>> under consideration are listed in the link below.
>>>>
>>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayerYaml
>>>>
>>>> Thoughts, comments welcome.
>>>>
>>>> Please specify the option (1, 2 or 3 from the above link) you prefer.
>>>> If you have something different on your mind, please go ahead and
>>>> introduce it, and we can deliberate on adding it to the list as well.
>>>
>>>
>>> Option 1.
>>
>> Option 1
>
> What I dislike about this scheme is that it adds an extra layer of
> nesting that is unnecessary for most protocols. Each layer of nesting is
> an added opportunity for messing up the yaml, which is very strict on
> indenting.
>
> tcp:
>   http:
>
> Is redundant for example.
>
> There are a few protocols we support currently that have a need to specify
> ipproto: dns and smb.
You just had to go and make sense, didn't you... I'm changing to Option 2.
-rich