Feature #424
closedApp layer registration cleanup - Support specifying same alproto names in rules for different ip protocols
Description
The main goal would be to use same alproto name in rules for app protocols that support various ip carriers.
For example, unify "dcerpc" and "dcerpcudp", into a single "dcerpc". This should allow use of rules in the format.
alert dcerpc
instead of separate
alert dcerpcudp and alert dcerpc
Also carry out other cleanup work in app layer registration.
Updated by Victor Julien over 13 years ago
What global steps need to be taken for this?
Updated by Anoop Saldanha over 13 years ago
Victor Julien wrote:
What global steps need to be taken for this?
al_proto_table would be an array, the size of the array being the no of supported ip protocols.
On the cleanup side, I'd prefer to get rid of AppLayerLocalMap. Certainly not a necessary feature. ftp parser is the only one using it and our ftp parser is not streaming one and needs an update anyways. ftp parser update + this suggested code cleanup would go hand in hand.
Updated by Victor Julien over 12 years ago
- Target version changed from 1.4 to 2.0rc2
Updated by Victor Julien about 12 years ago
- Target version changed from 2.0rc2 to 2.0beta2
Updated by Victor Julien over 11 years ago
- Target version changed from 2.0beta2 to 2.0rc1
Updated by Victor Julien over 11 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100