Project

General

Profile

Feature #424

App layer registration cleanup - Support specifying same alproto names in rules for different ip protocols

Added by Anoop Saldanha almost 7 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Anoop Saldanha
Target version:
2.0rc1
Effort:
Difficulty:

Description

The main goal would be to use same alproto name in rules for app protocols that support various ip carriers.

For example, unify "dcerpc" and "dcerpcudp", into a single "dcerpc". This should allow use of rules in the format.

alert dcerpc

instead of separate

alert dcerpcudp and alert dcerpc

Also carry out other cleanup work in app layer registration.

History

#1

Updated by Victor Julien almost 7 years ago

What global steps need to be taken for this?

#2

Updated by Anoop Saldanha almost 7 years ago

Victor Julien wrote:

What global steps need to be taken for this?

al_proto_table would be an array, the size of the array being the no of supported ip protocols.

On the cleanup side, I'd prefer to get rid of AppLayerLocalMap. Certainly not a necessary feature. ftp parser is the only one using it and our ftp parser is not streaming one and needs an update anyways. ftp parser update + this suggested code cleanup would go hand in hand.

#3

Updated by Anoop Saldanha almost 7 years ago

  • Assignee set to Anoop Saldanha
#4

Updated by Victor Julien over 6 years ago

  • Target version set to 1.4
#5

Updated by Victor Julien about 6 years ago

  • Target version changed from 1.4 to 2.0rc2
#6

Updated by Victor Julien over 5 years ago

  • Target version changed from 2.0rc2 to 2.0beta2
#7

Updated by Victor Julien about 5 years ago

  • Target version changed from 2.0beta2 to 2.0rc1
#8

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF