[Oisf-users] RFC: Yaml conf structure for enabling/disabling protocol parsers

Anoop Saldanha anoopsaldanha at gmail.com
Thu Dec 26 15:05:35 UTC 2013


On Tue, Dec 17, 2013 at 7:16 PM, Rich Rumble <richrumble at gmail.com> wrote:
> On Tue, Dec 17, 2013 at 8:41 AM, Victor Julien <lists at inliniac.net> wrote:
>> On 12/17/2013 02:34 PM, Peter Manev wrote:
>>> On Tue, Dec 17, 2013 at 12:56 PM, Rich Rumble <richrumble at gmail.com> wrote:
>>>> On Tue, Dec 17, 2013 at 5:32 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>>>>> We are currently planning on updating the above parameters and
>>>>> introducing "ipproto" as a separate hierarchy.  The options currently
>>>>> under consideration are listed in the below link.
>>>>>
>>>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayerYaml
>>>>>
>>>>> Thoughts, comments welcome.
>>>>>
>>>>> Please specify the option (1, 2 or 3 from the above link) you prefer.
>>>>> If you have something different on your mind, please go ahead and
>>>>> introduce it, and we can deliberate on adding it to the list as well.
>>>>
>>>>
>>>> Option 1.
>>>
>>> Option 1
>>
>> What I dislike about this scheme, is that it adds an extra layer of
>> nesting that is unnecessary for most protocols. Each layer of nesting is
>> an added opportunity for messing up the yaml, which is very strict on
>> indenting.
>>
>> tcp:
>>   http:
>>
>> Is redundant for example.
>>
>> There are a few protocols we support currently that have need to specify
>> ipproto: dns and smb.
> You just had to go and make sense didn't you... I'm changing to Option 2.

We have 2 votes for option (2), and 1 for option (1).

I give my vote for option (2) as well.

I have updated the link -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayerYaml
with a more detailed expansion of what it would look like when all the
protocols are included in the conf.

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


