[Oisf-users] Question "don’t allow midstream session pickups"
Steve Castellarin
steve.castellarin at gmail.com
Wed Feb 7 17:37:02 UTC 2018
Hey Sean,
Take a look at
http://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html,
section 8.1.12.3 (Stream-engine). There's a much better explanation than
that in the comments of the YAML. As for "midstream: true" I think it
means Suricata will not ignore streams that were created before Suricata
started. I'm not sure about "async-onside: true/false".
Steve
On Wed, Feb 7, 2018 at 12:26 PM, Cloherty, Sean E <scloherty at mitre.org>
wrote:
> I’ve got a question about something that has made me wonder for a while –
>
>
>
> Does midstream: false “#don’t allow midstream session pickups” mean that
> it is not being allowed or is it that “don’t allow midstream” is not
> allowing midstream pickup if the value is true?
>
>
>
> I am assuming that the true or false indicates that the function is
> enabled or disabled. However, reading the setting value and the remark
> following … the double negative “false and “don’t allow” leaves me
> wondering.
>
>
>
> I have the same question for async-oneside: false.
>
>
>
> midstream: false # don't allow midstream session pickups
>
> async-oneside: false # don't enable async stream handling
>
>
>
>
>
>
>
>
>
> Sean Cloherty
>
> InfoSec Engineer/Scientist, Lead
>
> MITRE Corporation
>
> office (781) 271-3707
>
> cell (781) 697-8043
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180207/102a41ee/attachment-0002.html>
More information about the Oisf-users
mailing list