Project

General

Profile

Actions
Copy link

Feature #2319

closed
SB

Expose flow lifetime to the rulelanguage

Feature #2319: Expose flow lifetime to the rulelanguage

Added by Stian Bergseth over 8 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:
Beginner, C, Outreachy

Description

During the roadmap discussion in Prague someone asked for the possiblity to detect long lived sessions.
VictorJ said that this data was already stored somewhere.

I guess a sanity check of config for timeouts vs length of duration looked for in the signature would be a good idea

Related issues 3 (2 open1 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #3271: Add keyword to determine flow based speed/bwNewOISF DevActions
Is duplicate of Suricata - Bug #5536: detect: flow.age keywordClosedPhilippe AntoineActions

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #1

  • Related to Task #2309: SuriCon 2017 brainstorm added

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #2

  • Target version set to TBD

VJ Updated by Victor Julien about 8 years ago Actions
Copy link
 #3

Stian are you planning to submit an implementation for this?

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #4

  • Assignee changed from Stian Bergseth to Anonymous
  • Effort set to low
  • Difficulty set to low

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
 #5

  • Assignee set to Community Ticket

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #6

  • Label Beginner, Outreachy added

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #7

  • Related to Feature #3271: Add keyword to determine flow based speed/bw added

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #8

  • Assignee changed from Community Ticket to Stian Bergseth

Additional ideas we will split into dedicated issues:
Dump the flow table over unix socket.
Explore also loading the flow table into suricata as part of a state keeping.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #9

  • Assignee changed from Stian Bergseth to Community Ticket

SB Updated by Shivani Bhardwaj over 5 years ago Actions
Copy link
 #10

  • Effort deleted (low)
  • Difficulty deleted (low)
  • Label C added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #11

  • Is duplicate of Bug #5536: detect: flow.age keyword added

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #12

  • Status changed from New to Closed
  • Assignee deleted (Community Ticket)
  • Target version deleted (TBD)

Closed as duplicate of #5536.

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #13

  • Status changed from Closed to Rejected
Actions
Copy link

Also available in: PDF Atom