Optimization #1044

closed

TLS buffers evaluated by fast_pattern matcher.

Added by Will Metcalf almost 8 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal

Description

As far as I can tell, tls.* buffers are not evaluated by the fast_pattern matcher. If this is correct, is there a reason why this is the case? If there is no reason, can we add them?

Actions #1

Updated by Victor Julien almost 8 years ago

  • Assignee deleted (Anoop Saldanha)
  • Target version set to 3.0RC2
Actions #2

Updated by Victor Julien over 6 years ago

  • Target version changed from 3.0RC2 to TBD
Actions #3

Updated by Andreas Herz over 5 years ago

  • Assignee set to OISF Dev
Actions #4

Updated by Victor Julien over 5 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Mats Klepsland
Actions #5

Updated by Victor Julien about 5 years ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 3.2beta1

https://github.com/inliniac/suricata/pull/2249 adds: tls_cert_issuer and tls_cert_subject, which replace tls.issuerdn and tls.subject. They are 'sticky buffers' like file_data, so all your regular matching (content/pcre/isdataat/etc) applies.
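
The keyword change described in the last update, shown as rules. This is an added example that is not part of the ticket or of any shipped rule set: the legacy keyword next to the sticky-buffer form. The host names, organization name, msg strings and sids are constructed placeholders.

```suricata
# Legacy keyword: the pattern is an argument of tls.subject itself,
# so content modifiers such as fast_pattern cannot be attached to it.
alert tls any any -> any any (msg:"LOCAL TLS subject, legacy keyword"; tls.subject:"CN=updates.example.com"; sid:1000001; rev:1;)

# Sticky buffer: tls_cert_subject selects the buffer, and every content
# keyword after it inspects that buffer. With two patterns, fast_pattern
# marks the more selective one as the prefilter pattern.
alert tls any any -> any any (msg:"LOCAL TLS subject, sticky buffer"; tls_cert_subject; content:"O=Example Corp"; content:"CN=updates.example.com"; nocase; fast_pattern; sid:1000002; rev:1;)

# Same idea on the issuer buffer: a short content match for prefiltering,
# with a pcre that runs against the issuer string only.
alert tls any any -> any any (msg:"LOCAL TLS issuer, content plus pcre"; tls_cert_issuer; content:"CN="; pcre:"/CN=[a-z0-9]{12}\.example\.net/"; sid:1000003; rev:1;)
```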
