Project

General

Profile

Actions
Copy link

Feature #234

closed
VJ AS

add option disable/enable individual app layer protocol inspection modules

Feature #234: add option disable/enable individual app layer protocol inspection modules

Added by Victor Julien over 15 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Anoop Saldanha
Target version:
2.0beta2
Effort:
Difficulty:
Label:

Description

Not everyone is interested in having all app layer parsing/inspection modules enabled all the time. In the suricata.yaml configuration file we should give the user the option to disable individual parsers.

Ideas for how this should be done in the configuration file are welcome.

DY Updated by delta yeh over 15 years ago Actions
Copy link
 #1

how about

app-layer-modules:
-http
-ftp
-ssh

those module not in this list would not be enabled.

VJ Updated by Victor Julien over 15 years ago Actions
Copy link
 #2

I think I would prefer something like:

app-layer-parsers:
- http
enabled: yes
- ftp
enabled: no

This would allow us to add other options to them...

Thoughts?

DY Updated by delta yeh almost 15 years ago Actions
Copy link
 #3

Victor Julien wrote:

I think I would prefer something like:

app-layer-parsers:
- http
enabled: yes
- ftp
enabled: no

This would allow us to add other options to them...

Thoughts?

Sounds good to me!

VJ Updated by Victor Julien almost 15 years ago Actions
Copy link
 #4

  • Assignee changed from Victor Julien to Anonymous

This would be fairly easy to implement as we can just disable the parser registration for the disabled protocols.

DY Updated by delta yeh over 14 years ago Actions
Copy link
 #5

Victor Julien wrote:

This would be fairly easy to implement as we can just disable the parser registration for the disabled protocols.

I will take this.

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #6

  • Status changed from New to Assigned
  • Assignee changed from Anonymous to delta yeh
  • Target version set to 1.2

Cool, thanks!

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
 #7

  • Target version changed from 1.2 to TBD

Have you been able to look into this?

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #8

  • Assignee changed from delta yeh to Anoop Saldanha
  • Target version changed from TBD to 1.4beta2

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #9

  • Target version changed from 1.4beta2 to 1.4beta3

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #10

  • Priority changed from Normal to Low

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #11

  • Target version changed from 1.4beta3 to 1.4rc1

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
 #13

  • Target version changed from 1.4rc1 to 2.0rc2

AS Updated by Anoop Saldanha about 13 years ago Actions
Copy link
 #14

https://github.com/inliniac/suricata/pull/279

The above PR does a lot more than provide a feature to enable/disable app layer modules.

We have an update PP proto detection engine, feature to enable proto detection/parser both of which are now separate options in the conf file, ability to specify detection ports in conf file, sig port validation.

VJ Updated by Victor Julien almost 13 years ago Actions
Copy link
 #15

  • Priority changed from Low to Normal
  • Target version changed from 2.0rc2 to 2.0beta2
Actions
Copy link

Also available in: PDF Atom