Support #1428

closed

Flow-keywords clarification

Added by god lol almost 10 years ago. Updated almost 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

The https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords page gives a pretty nice but very brief intro to the topic. The most confusing part is the mutually-exclusive to_server, from_server, to_client, from_client set of keywords. What is the difference between to_client and from_server? What about from_client and to_server?

If it's the same thing, then why 2 different names? If it's not, then a more elaborate write-up and some examples of when from_client would match but to_server wouldn't, and vice versa, would be of great help for writing rules for Suricata.

If it's already cleared up in some article, then at least a link to it should be included in the abovementioned wiki page.
