Feature #1867
closed
Snort compatibility: flow:not_established not supported.
Added by Jason Ish about 8 years ago.
Updated about 8 years ago.
Description
Suricata does not support the "not_established" argument to the "flow" keyword which is used in some Snort rules.
- Priority changed from Low to Normal
- Target version changed from TBD to 70
While at it, add Snort's no_frags and only_frags as well. This is a trivial check: p->flags & PKT_IS_FRAGMENT.
Victor Julien wrote:
While at it, add Snort's no_frags and only_frags as well. This is a trivial check: p->flags & PKT_IS_FRAGMENT.
I think it's a little different than that. It looks like no_frag and only_frag refer to the rebuilt packets. If "no_frag", then do not trigger on reassembled packets. If only_frag, then only trigger on re-assembled packets.
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.2rc1