[Oisf-users] Reply: Does anybody test IMAP protocol detection under version 5.0.0-dev? I guess it may not work.
Ma Allen
mazhh at outlook.com
Thu Mar 14 04:21:03 UTC 2019
Somebody said that they couldn't find version 5.0.0-dev. I got it from GitHub more than a month ago.
/* the name of our binary */
#define PROG_NAME "Suricata"
#define PROG_VER "5.0.0-dev"
________________________________
From: Ma Allen <mazhh at outlook.com>
Sent: March 14, 2019 10:59
To: oisf-users at lists.openinfosecfoundation.org
Subject: Does anybody test IMAP protocol detection under version 5.0.0-dev? I guess it may not work.
In AppLayerParserRegisterProtocolParsers(),
    /** IMAP */
    AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
    if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
        if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
                "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
        {
            SCLogInfo("imap proto registration failure\n");
            exit(EXIT_FAILURE);
        }
    } else {
        SCLogInfo("Protocol detection and parser disabled for %s protocol.",
                  "imap");
    }
As AppLayerProtoDetectPMRegisterPatternCS() is used, 5.0.0-dev will use the pattern "capability" case-sensitively to detect whether the protocol is IMAP.
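An added example, not part of the original post and not Suricata code: a simplified stand-in matcher showing what the case-sensitive registration quoted above accepts, compared with a case-insensitive comparison, on constructed client lines. The names decode_content, pattern_match and imap_probe are hypothetical; it assumes depth counts bytes from offset and that |20| is a hex-escaped space, which agrees with the pattern length 12 in the call.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a content string with |hex| escapes such as |20|; returns length or -1. */
static int decode_content(const char *s, unsigned char *out, int cap) {
    int n = 0, hex = 0;
    for (; *s; s++) {
        if (*s == '|') { hex = !hex; continue; }
        if (n == cap) return -1;
        if (!hex) { out[n++] = (unsigned char)*s; continue; }
        if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1])) return -1;
        char h[3] = { s[0], s[1], '\0' };
        out[n++] = (unsigned char)strtol(h, NULL, 16);
        s++; /* second hex digit already consumed */
    }
    return hex ? -1 : n;
}

/* Simplified stand-in: 1 if the pattern lies wholly inside buf[offset, offset+depth). */
int pattern_match(const char *buf, size_t len, const char *content,
                  size_t depth, size_t offset, int nocase) {
    unsigned char pat[64];
    int plen = decode_content(content, pat, sizeof(pat));
    size_t end = (offset + depth < len) ? offset + depth : len;
    if (plen <= 0) return 0;
    for (size_t i = offset; i + (size_t)plen <= end; i++) {
        int j = 0;
        for (; j < plen; j++) {
            int a = (unsigned char)buf[i + j], b = pat[j];
            if (nocase ? tolower(a) != tolower(b) : a != b) break;
        }
        if (j == plen) return 1;
    }
    return 0;
}

/* Pattern, depth and offset as in the registration call quoted above. */
int imap_probe(const char *line, int nocase) {
    return pattern_match(line, strlen(line), "1|20|capability", 12, 0, nocase);
}

int main(void) { /* demo on constructed client lines, not captured traffic */
    const char *l[] = { "1 capability", "1 CAPABILITY", "a001 CAPABILITY" };
    for (int i = 0; i < 3; i++)
        printf("%-16s cs=%d nocase=%d\n", l[i], imap_probe(l[i], 0), imap_probe(l[i], 1));
    return 0;
}
```

IMAP command names are case-insensitive and the tag is chosen by the client (RFC 3501), so the second and third lines are valid IMAP that this case-sensitive pattern does not match.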