Feature #424
closed
App layer registration cleanup - Support specifying same alproto names in rules for different ip protocols
Added by Anoop Saldanha over 12 years ago.
Updated almost 11 years ago.
Description
The main goal would be to use same alproto name in rules for app protocols that support various ip carriers.
For example, unify "dcerpc" and "dcerpcudp", into a single "dcerpc". This should allow use of rules in the format.
alert dcerpc
instead of separate
alert dcerpcudp and alert dcerpc
Also carry out other cleanup work in app layer registration.
What global steps need to be taken for this?
Victor Julien wrote:
What global steps need to be taken for this?
al_proto_table would be an array, the size of the array being the no of supported ip protocols.
On the cleanup side, I'd prefer to get rid of AppLayerLocalMap. Certainly not a necessary feature. ftp parser is the only one using it and our ftp parser is not streaming one and needs an update anyways. ftp parser update + this suggested code cleanup would go hand in hand.
- Assignee set to Anoop Saldanha
- Target version set to 1.4
- Target version changed from 1.4 to 2.0rc2
- Target version changed from 2.0rc2 to 2.0beta2
- Target version changed from 2.0beta2 to 2.0rc1
- Status changed from New to Closed
- % Done changed from 0 to 100
Also available in: Atom
PDF