[Oisf-users] [Oisf-devel] RFC: Yaml conf structure for enabling/disabling protocol parsers
Anoop Saldanha
anoopsaldanha at gmail.com
Sat Dec 28 04:35:06 UTC 2013
On Sat, Dec 28, 2013 at 5:38 AM, Jason Ish <lists at unx.ca> wrote:
> On Thu, Dec 26, 2013 at 11:50 AM, Anoop Saldanha
> <anoopsaldanha at gmail.com> wrote:
>> On Thu, Dec 26, 2013 at 8:51 PM, Christophe Vandeplas
>> <christophe at vandeplas.com> wrote:
>>> Option 2 seems the most logical one to me.
>>>
>>> In addition to Victor's argument about nesting I'd like to add and usability
>>> argument for keeping the tcp and udp configuration close to each other:
>>> When you dive into the configuration you mostly care about it being "dns"
>>> and not "tcp/udp". So if you're going to make a change there's a high
>>> probability that you'll want to change both the tcp and udp version of the
>>> dns procotol. You'll probably prefer to to scroll a page downwards to change
>>> the udp part after setting the tcp settings.
>>>
>>> Kind regards and merry xmas
>>>
>>
>> +1
>
> +1 here as well. I'd also be curious what the defaults are as well?
> Say I don't list DNS, is DNS not going to be enabled at all? Just
> enabled on TCP? Or do what the 80% probably what, have DNS enabled on
> TCP and UDP port 53 when its configuration is absent?
Listing 2 default cases -
1. When we don't list the protocol-
I'm possibly leaning towards enabling the protocol parser for both
tcp/udp(all supported ipprotos for that protocol, to be precise),
keeping in mind that I'd want to provide backward compatibility for
older conf files, although in subsequent versions I'd prefer to have
users upgrade their conf files and make specifying the above conf
mandatory to enable a parser.
2. When we list a protocol but don't mention the ipproto. Example:
dns:
enabled: yes
detection-ports:
toserver: 53
Use a "apply-to-all-ipprotos" case, and this would enable both the
tcp and udp versions of dns.
--
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
More information about the Oisf-users
mailing list