Feature #5646
closed
Task #5645: tracking: elephant flow detection
rules: allow matching on flow pkts and bytes in either direction
Description
Probably need some logic to express direction, e.g.
flow.pkts:toserver,>,10000; flow.pkts:either,=,10000; flow.bytes:both,>,1G;
Exact syntax TBD.
PA Updated by Philippe Antoine over 2 years ago
- Related to Feature #6164: rules: allow matching on flow pkts and bytes added
PA Updated by Philippe Antoine over 2 years ago
@Victor Julien is there more to do here after https://redmine.openinfosecfoundation.org/issues/6164?
Maybe the sum of both directions?
VJ Updated by Victor Julien almost 2 years ago
Not sure if we need the "both" support. Would that be useful? And I guess an "either" option would make sense as well?
PM Updated by Peter Manev almost 2 years ago
"either" is good in my opinion.
PA Updated by Philippe Antoine almost 2 years ago
- Related to Feature #7097: Additions to flow detection - size added
SB Updated by Shivani Bhardwaj over 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Target version changed from TBD to 8.0.0-beta1
VJ Updated by Victor Julien over 1 year ago
- Priority changed from Normal to High
SB Updated by Shivani Bhardwaj over 1 year ago
Also need: elephant flow counter
SB Updated by Shivani Bhardwaj over 1 year ago
- Subject changed from rules: allow matching on flow pkts and bytes to rules: allow matching on flow pkts and bytes in either direction
SB Updated by Shivani Bhardwaj over 1 year ago · Edited
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/12365
SB Updated by Shivani Bhardwaj about 1 year ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien 12 months ago
- Priority changed from High to Normal