alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; sid:2240006; rev:1;)
# Request Flood Detected
alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.flooded; sid:2240007; rev:1;)
+# Per-flow (state) memcap reached. Relates to the app-layer.protocols.dns.state-memcap setting.
+alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.state_memcap_reached; sid:2240008; rev:1;)
if (state != NULL) {
if (state->memuse + want > dns_config.state_memcap) {
SC_ATOMIC_ADD(dns_memcap_state, 1);
+ DNSSetEvent(state, DNS_DECODER_EVENT_STATE_MEMCAP_REACHED);
return -1;
}
}
{ "NOT_A_RESPONSE", DNS_DECODER_EVENT_NOT_A_RESPONSE, },
{ "Z_FLAG_SET", DNS_DECODER_EVENT_Z_FLAG_SET, },
{ "FLOODED", DNS_DECODER_EVENT_FLOODED, },
+ { "STATE_MEMCAP_REACHED", DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, },
{ NULL, -1 },
};
DNS_DECODER_EVENT_NOT_A_RESPONSE,
DNS_DECODER_EVENT_Z_FLAG_SET,
DNS_DECODER_EVENT_FLOODED,
+ DNS_DECODER_EVENT_STATE_MEMCAP_REACHED,
};
/** \brief DNS packet header */
projects / thirdparty / suricata.git / commitdiff
