Bug #1161
closed
Here's my analysis and remarks with the different event_types and the patch from https://github.com/inliniac/suricata/pull/915
http - src/dst switched => Patch OK
http - length = is this the size from client to server or from server to client? What about the other one? In HTTP POST (for example) it's important to know client-to-server.
fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use
fileinfo - toclient - src/dst switched => Patch OK
dns - type:query - src/dst switched => Patch OK
dns - type:answer - src/dst correct => Patch ERROR
- Priority changed from Normal to High
- Status changed from Assigned to Closed
- % Done changed from 0 to 100