[Oisf-wg-configuration_language] Configuration Structure

Nick Rogness oisf at rogness.net
Thu Aug 6 03:47:57 UTC 2009


On Wed, Aug 5, 2009 at 12:09 PM, Marc Norton <marcn at comcast.net> wrote:
>
> So here's some features I see pretty common to the IDS problems, please
> chime in so we can build the set out or better define what a version 1
> set might be.  Use cases are good as well.
>
> Primitives
>  - signed/unsigned numbers
>     i.e.   max-sessions 256K
>  - ports, port ranges and port lists (or tables take your pick of
> terminology)
>    i.e.  http-ports [ 80 8080 8138 9100:9200 ]
>  - floating point numbers, ranges, and possibly lists
>   i.e.   1.5 1e+8
> - time values are nice to have from seconds, minutes hours, to dates.
>     i.e.  0.5s    30m   etc..
>  - ip addresses, ip address ranges, ip lists/tables
>   i.e. home-net [ 10.64/16 10.65/16 192.168.1/24 ]
>  - identifiers and list of identifiers
>   i.e.  a rule may reference an iplist       ....   rule ....  home-net
>          -here home-net appears as an identifier referring to the home net.
>

  I would suggest (for example):

    max-sessions=256K;
    http-ports=[ 80 8080 8138 9100:9200 ];

Sure would make parsing easier until the parser library is decided upon.

Also, should it be considered that it may be easier to implement:

   reassembly-timeout-seconds=600;
   reassembly-timeout-minutes=5;

Versus using

  reassembly-timeout=600s;
Or
  reassembly-timeout=5m;

This way you could know the intent by the name and not have to parse
the value to get the units?  Also it would reduce the parsing and
issues dealing with case sensitivity.  Yeah, you would have more named
pair combinations but they will be predefined anyway.

Nick
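
The two timeout styles compared in the message above, as an added example that is not part of the original post or of any OISF code: a small parser for the proposed `name=value;` form that accepts both unit-in-name keys and suffixed values. The function names, the suffix table (K taken as 1024) and the normalisation of timeouts to seconds are assumptions made for this sketch.

```python
import re

# Suffix multipliers are assumptions for this sketch (K is taken as 1024).
SUFFIX = {"K": 1024, "s": 1, "m": 60}
# Unit-in-name style: the key's ending gives the unit; the value is a bare integer.
NAME_UNIT = {"-seconds": 1, "-minutes": 60}
STMT = re.compile(r"\s*([a-z][a-z0-9-]*)\s*=\s*(\[[^\]]*\]|[^;\[\]\s]+)\s*;")

def parse_scalar(tok):
    """Integer with an optional one-letter suffix, matched case-sensitively."""
    m = re.fullmatch(r"([0-9]+)([A-Za-z]?)", tok)
    if not m or (m.group(2) and m.group(2) not in SUFFIX):
        raise ValueError(f"bad value {tok!r}")
    return int(m.group(1)) * SUFFIX.get(m.group(2), 1)

def parse_port_item(tok):
    """'80' -> (80, 80); '9100:9200' -> (9100, 9200)."""
    if not re.fullmatch(r"[0-9]+(:[0-9]+)?", tok):
        raise ValueError(f"bad port item {tok!r}")
    lo, _, hi = tok.partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not lo <= hi <= 65535:
        raise ValueError(f"port out of range in {tok!r}")
    return lo, hi

def parse_config(text):
    """Parse 'name=value;' statements; timeouts are normalised to seconds."""
    out, pos = {}, 0
    while text[pos:].strip():
        m = STMT.match(text, pos)
        if not m:
            raise ValueError(f"syntax error at offset {pos}")
        key, val, pos = m.group(1), m.group(2), m.end()
        ending = next((e for e in NAME_UNIT if key.endswith(e)), None)
        if val.startswith("["):      # only port lists are handled in this sketch
            out[key] = [parse_port_item(t) for t in val[1:-1].split()]
        elif ending:                 # unit comes from the name, value must be bare
            if not re.fullmatch(r"[0-9]+", val):
                raise ValueError(f"{key} takes a bare integer, got {val!r}")
            out[key[:-len(ending)]] = int(val) * NAME_UNIT[ending]
        else:                        # unit, if any, must be parsed out of the value
            out[key] = parse_scalar(val)
    return out

# Constructed sample input, using the statements proposed in the message above.
SAMPLE = "max-sessions=256K;\nhttp-ports=[ 80 8080 8138 9100:9200 ];\n"

if __name__ == "__main__":
    print(parse_config(SAMPLE))
    print(parse_config("reassembly-timeout-minutes=5;"))
```

With the suffix style, `reassembly-timeout=5M;` is rejected here because suffixes are matched case-sensitively, which is the kind of value-parsing decision the unit-in-name keys avoid.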


