return 1;
}
-static int SSLGetAlstateProgress(void *tx, uint8_t direction)
+static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
{
- SSLState *ssl_state = (SSLState *)tx;
-
- /* we don't care about direction, only that app-layer parser is done
- and have sent an EOF */
- if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
- return TLS_STATE_FINISHED;
- }
+#ifdef DEBUG
+ enum TlsStateClient old = ssl_state->client_state;
+#endif
+ ssl_state->client_state = s;
+#ifdef DEBUG
+ SCLogDebug("toserver: state updated to %u from %u", s, old);
+#endif
+}
- /* we want the logger to log when the handshake is done, even if the
- state is not finished */
- if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
- return TLS_HANDSHAKE_DONE;
- }
+static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
+{
+#ifdef DEBUG
+ enum TlsStateServer old = ssl_state->server_state;
+#endif
+ ssl_state->server_state = s;
+#ifdef DEBUG
+ SCLogDebug("toclient: state updated to %u from %u", s, old);
+#endif
+}
- if (direction == STREAM_TOSERVER &&
- (ssl_state->server_connp.cert0_subject != NULL ||
- ssl_state->server_connp.cert0_issuerdn != NULL))
- {
- return TLS_STATE_CERT_READY;
+static int SSLGetAlstateProgress(void *tx, uint8_t direction)
+{
+ SSLState *ssl_state = (SSLState *)tx;
+ if (direction & STREAM_TOCLIENT) {
+ return ssl_state->server_state;
+ } else {
+ return ssl_state->client_state;
}
-
- return TLS_STATE_IN_PROGRESS;
}
static AppLayerTxData *SSLGetTxData(void *vtx)
ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
}
+ if (ssl_state->curr_connp == &ssl_state->client_connp) {
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
+ } else {
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
+ }
end:
return 0;
}
SSLParserHSReset(connp);
/* fall through to still consume the cert bytes */
}
+ if (connp == &ssl_state->client_connp) {
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
+ } else {
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
+ }
return input_len;
}
break;
case SSLV3_HS_CERTIFICATE:
-
rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
input_len);
SCLogDebug("new session ticket");
break;
case SSLV3_HS_SERVER_HELLO_DONE:
+ if (direction) {
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
+ }
break;
default:
SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
/* if level Fatal, we consider the tx finished */
if (level == 2) {
- ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
}
}
return 0;
ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
SCLogDebug("SSLv2: version %04x", version);
} else {
ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
}
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
/* fall through */
case SSLV2_MT_SERVER_VERIFY:
case SSLV2_MT_SERVER_HELLO:
ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
break;
}
ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
} else {
ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
+
+ // TODO TLS 1.3
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
}
break;
/* if we see (encrypted) application data, then this means the
handshake must be done */
- ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
+ if (ssl_state->curr_connp == &ssl_state->client_connp) {
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
+ } else {
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
+ }
if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
(direction == 1 &&
AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
/* flag session as finished if APP_LAYER_PARSER_EOF is set */
- ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
+ if (direction == 0)
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
+ else
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
SCReturnStruct(APP_LAYER_OK);
} else if (input == NULL || input_len == 0) {
SCReturnStruct(APP_LAYER_ERROR);
/* mark handshake as done if we have subject and issuer */
if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
- SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
- ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
+ /* update both sides to keep existing behavior */
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
} else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
- SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
- ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
+ /* update both sides to keep existing behavior */
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
}
/* flag session as finished if APP_LAYER_PARSER_EOF is set */
if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
- SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
- ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
+ /* update both sides to keep existing behavior */
+ UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
+ UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
}
return APP_LAYER_OK;
AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
AppLayerParserRegisterStateProgressCompletionStatus(
- ALPROTO_TLS, TLS_STATE_FINISHED, TLS_STATE_FINISHED);
+ ALPROTO_TLS, TLS_STATE_CLIENT_FINISHED, TLS_STATE_SERVER_FINISHED);
SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
if (enc_handle != NULL && enc_handle->val != NULL) {
TLS_DECODER_EVENT_INVALID_SSL_RECORD,
};
-enum {
- TLS_STATE_IN_PROGRESS = 0,
- TLS_STATE_CERT_READY = 1,
- TLS_HANDSHAKE_DONE = 2,
- TLS_STATE_FINISHED = 3
+enum TlsStateClient {
+ TLS_STATE_CLIENT_IN_PROGRESS = 0,
+ TLS_STATE_CLIENT_HELLO_DONE,
+ TLS_STATE_CLIENT_CERT_DONE,
+ TLS_STATE_CLIENT_HANDSHAKE_DONE,
+ TLS_STATE_CLIENT_FINISHED,
+};
+
+enum TlsStateServer {
+ TLS_STATE_SERVER_IN_PROGRESS = 0,
+ TLS_STATE_SERVER_HELLO,
+ TLS_STATE_SERVER_CERT_DONE,
+ TLS_STATE_SERVER_HELLO_DONE,
+ TLS_STATE_SERVER_HANDSHAKE_DONE,
+ TLS_STATE_SERVER_FINISHED,
};
/* Flag to indicate that server will now on send encrypted msgs */
#define SSL_AL_FLAG_STATE_SERVER_KEYX BIT_U32(12)
#define SSL_AL_FLAG_STATE_UNKNOWN BIT_U32(13)
-/* flag to indicate that session is finished */
-#define SSL_AL_FLAG_STATE_FINISHED BIT_U32(14)
-
/* flags specific to HeartBeat state */
#define SSL_AL_FLAG_HB_INFLIGHT BIT_U32(15)
#define SSL_AL_FLAG_HB_CLIENT_INIT BIT_U32(16)
#define SSL_AL_FLAG_HB_SERVER_INIT BIT_U32(17)
-/* flag to indicate that handshake is done */
-#define SSL_AL_FLAG_HANDSHAKE_DONE BIT_U32(18)
-
/* Session resumed without a full handshake */
#define SSL_AL_FLAG_SESSION_RESUMED BIT_U32(20)
SSLStateConnp *curr_connp;
+ enum TlsStateClient client_state;
+ enum TlsStateServer server_state;
+
SSLStateConnp client_connp;
SSLStateConnp server_connp;
} SSLState;
sigmatch_table[DETECT_TLS_ALPN].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_TLS_ALPN].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, TlsAlpnGetData, 2,
- TLS_STATE_IN_PROGRESS);
- DetectAppLayerMultiRegister(
- "tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, TlsAlpnGetData, 2, TLS_STATE_CERT_READY);
+ DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CLIENT_HELLO_DONE, TlsAlpnGetData, 2, TLS_STATE_CLIENT_HELLO_DONE);
+ DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_SERVER_HELLO,
+ TlsAlpnGetData, 2, TLS_STATE_SERVER_HELLO);
DetectBufferTypeSetDescriptionByName("tls.alpn", "TLS APLN");
sigmatch_table[DETECT_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_SERVER_CERT_DONE);
DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_CLIENT_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CLIENT_CERT_DONE);
DetectBufferTypeSetDescriptionByName("tls.cert_fingerprint",
"TLS certificate fingerprint");
sigmatch_table[DETECT_TLS_CERT_ISSUER].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_CLIENT_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_CLIENT_CERT_DONE);
DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_SERVER_CERT_DONE);
DetectBufferTypeSetDescriptionByName("tls.cert_issuer",
"TLS certificate issuer");
sigmatch_table[DETECT_TLS_CERT_SERIAL].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_SERVER_CERT_DONE);
DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_CLIENT_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_CLIENT_CERT_DONE);
DetectBufferTypeSetDescriptionByName("tls.cert_serial",
"TLS certificate serial number");
sigmatch_table[DETECT_TLS_CERT_SUBJECT].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_CLIENT_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_CLIENT_CERT_DONE);
DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ GetData, ALPROTO_TLS, TLS_STATE_SERVER_CERT_DONE);
DetectBufferTypeSupportsMultiInstance("tls.cert_subject");
sigmatch_table[DETECT_TLS_CERTS].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
- TlsCertsGetData, 2, 1);
- DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY,
- TlsCertsGetData, 2, 1);
+ DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ TLS_STATE_SERVER_CERT_DONE, TlsCertsGetData, 2, 1);
+ DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CLIENT_CERT_DONE, TlsCertsGetData, 2, 1);
DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");
sigmatch_table[KEYWORD_ID].Free = DetectTLSCertChainLenFree;
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectGenericList, NULL);
g_tls_cert_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
}
sigmatch_table[DETECT_TLS_SNI].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_TLS_SNI].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerInspectEngineRegister("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectBufferGeneric, GetData);
+ DetectAppLayerInspectEngineRegister("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ TLS_STATE_CLIENT_HELLO_DONE, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister(
- "tls.sni", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("tls.sni", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData,
+ ALPROTO_TLS, TLS_STATE_CLIENT_HELLO_DONE);
DetectBufferTypeSetDescriptionByName("tls.sni",
"TLS Server Name Indication (SNI) extension");
sigmatch_table[DETECT_TLS_SUBJECTALTNAME].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMultiRegister("tls.subjectaltname", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0,
- TlsSubjectAltNameGetData, 2, TLS_STATE_CERT_READY);
+ TlsSubjectAltNameGetData, 2, TLS_STATE_SERVER_CERT_DONE);
DetectBufferTypeSetDescriptionByName("tls.subjectaltname", "TLS Subject Alternative Name");
g_tls_cert_fingerprint_list_id = DetectBufferTypeRegister("tls.cert_fingerprint");
DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
+ TLS_STATE_SERVER_CERT_DONE, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
+ TLS_STATE_CLIENT_CERT_DONE, DetectEngineInspectGenericList, NULL);
}
/**
void LogTlsLogRegister(void)
{
OutputRegisterTxModuleWithProgress(LOGGER_TLS, MODULE_NAME, "tls-log", LogTlsLogInitCtx,
- ALPROTO_TLS, LogTlsLogger, TLS_HANDSHAKE_DONE, TLS_HANDSHAKE_DONE, LogTlsLogThreadInit,
- LogTlsLogThreadDeinit);
+ ALPROTO_TLS, LogTlsLogger, TLS_STATE_CLIENT_HANDSHAKE_DONE,
+ TLS_STATE_SERVER_HANDSHAKE_DONE, LogTlsLogThreadInit, LogTlsLogThreadDeinit);
}
{
/* register as child of eve-log */
OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_TX, "eve-log", "JsonTlsLog", "eve-log.tls",
- OutputTlsLogInitSub, ALPROTO_TLS, JsonTlsLogger, TLS_HANDSHAKE_DONE, TLS_HANDSHAKE_DONE,
- JsonTlsLogThreadInit, JsonTlsLogThreadDeinit);
+ OutputTlsLogInitSub, ALPROTO_TLS, JsonTlsLogger, TLS_STATE_SERVER_HANDSHAKE_DONE,
+ TLS_STATE_CLIENT_HANDSHAKE_DONE, JsonTlsLogThreadInit, JsonTlsLogThreadDeinit);
}
} else if (opts.alproto == ALPROTO_TLS) {
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_TLS;
- om->tc_log_progress = TLS_HANDSHAKE_DONE;
- om->ts_log_progress = TLS_HANDSHAKE_DONE;
+ om->tc_log_progress = TLS_STATE_SERVER_HANDSHAKE_DONE;
+ om->ts_log_progress = TLS_STATE_CLIENT_HANDSHAKE_DONE;
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
} else if (opts.alproto == ALPROTO_DNS) {
om->TxLogFunc = LuaTxLogger;
projects / thirdparty / suricata.git / commitdiff
