Feature #424
App layer registration cleanup - Support specifying same alproto names in rules for different ip protocols
100%
Description
The main goal would be to use same alproto name in rules for app protocols that support various ip carriers.
For example, unify "dcerpc" and "dcerpcudp", into a single "dcerpc". This should allow use of rules in the format.
alert dcerpc
instead of separate
alert dcerpcudp and alert dcerpc
Also carry out other cleanup work in app layer registration.
History
#1 Updated by Victor Julien over 5 years ago
What global steps need to be taken for this?
#2 Updated by Anoop Saldanha over 5 years ago
Victor Julien wrote:
What global steps need to be taken for this?
al_proto_table would be an array, the size of the array being the no of supported ip protocols.
On the cleanup side, I'd prefer to get rid of AppLayerLocalMap. Certainly not a necessary feature. ftp parser is the only one using it and our ftp parser is not streaming one and needs an update anyways. ftp parser update + this suggested code cleanup would go hand in hand.
#3 Updated by Anoop Saldanha over 5 years ago
- Assignee set to Anoop Saldanha
#4 Updated by Victor Julien about 5 years ago
- Target version set to 1.4
#5 Updated by Victor Julien over 4 years ago
- Target version changed from 1.4 to 2.0rc2
#6 Updated by Victor Julien about 4 years ago
- Target version changed from 2.0rc2 to 2.0beta2
#7 Updated by Victor Julien over 3 years ago
- Target version changed from 2.0beta2 to 2.0rc1
#8 Updated by Victor Julien over 3 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100