Project

General

Profile

Actions

Feature #2572

closed

extend protocol detection to specify flow direction

Added by Victor Julien over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

In midstream and async cases, the flow direction can be wrong. It's not always possible to detect this based on the packet properties, but the protocol detection can often tell.

Implement a way to allow protocol detect to change the flow direction.


Related issues 3 (1 open2 closed)

Blocks Suricata - Feature #1125: smtp: improve protocol detectionClosedPhilippe AntoineActions
Blocks Suricata - Feature #273: IRC protocol detection supportNewCommunity TicketActions
Blocks Suricata - Optimization #2272: Analyze DNS response if query is not presentRejectedJason IshActions
Actions #1

Updated by Victor Julien over 6 years ago

Actions #2

Updated by Victor Julien over 6 years ago

Actions #3

Updated by Victor Julien over 6 years ago

  • Subject changed from externd protocol detection to specify flow direction to extend protocol detection to specify flow direction
Actions #4

Updated by Victor Julien almost 6 years ago

Actions #5

Updated by Victor Julien almost 6 years ago

  • Priority changed from Normal to High
Actions #6

Updated by Victor Julien almost 6 years ago

  • Status changed from Assigned to Closed
  • Priority changed from High to Normal
Actions

Also available in: Atom PDF