Actions
Optimization #1044
closedTLS buffers evaluated by fast_pattern matcher.
Effort:
Difficulty:
Label:
Description
As far as I can tell tls.* buffers are not evaluated by the fast_pattern matcher. If this is correct is there a reason why this is the case? If no reason can we add them?
Updated by Victor Julien about 11 years ago
- Assignee deleted (
Anoop Saldanha) - Target version set to 3.0RC2
Updated by Victor Julien over 9 years ago
- Target version changed from 3.0RC2 to TBD
Updated by Victor Julien over 8 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Mats Klepsland
Updated by Victor Julien over 8 years ago
- Status changed from Assigned to Closed
- Target version changed from TBD to 3.2beta1
https://github.com/inliniac/suricata/pull/2249 adds: tls_cert_issuer and tls_cert_subject, which replace tls.issuerdn and tls.subject. They are 'sticky buffers' like file_data, so all your regular matching (content/pcre/isdataat/etc) applies.
Actions