Ticket #3542 (closed feature request: invalid)
L7 Filter and Regex Rule
|Reported by:||cramped_gamut@…||Owned by:||cperez@…|
|Severity:||normal||Keywords:||RegEx, L7 filter|
I would like to know about the issue where one protocol is encapsulated inside another one. One example is SFTP: It could be FTP --> HTTP --> SSH --> SFTP. The interesting one is the innermost, but this could only be determined in a later packet.
Can anyone tell me how it is detected from the inside packet? The method of recognizing it... or any other information will be helpful. Can anyone give me any idea about situations like this and write a list of cases where we will have to look for nested protocols? Additionally: Might it be possible that a nested packet is split in such a way that the content needed to identify the inner protocol is split? Would we have to search the RegEx rule over the border of the outer protocol packet? Is there any issue of this around in literature?
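
The split-signature case raised in the question, as an added example that is not part of the original ticket: a classifier that runs the regex on each packet alone misses an inner-protocol banner that straddles a packet boundary, while one that matches against a bounded per-flow buffer finds it. The pattern, the buffer cap, the function names and the sample payloads are all constructed for illustration.

```python
import re

# Constructed signature for an SSH identification banner (an assumption for
# this example, not a rule taken from the ticket).
SSH_BANNER = re.compile(rb"SSH-[12]\.[0-9]+-")

MAX_BUFFER = 2048  # assumed cap on the bytes inspected per flow

# Constructed sample: an outer HTTP tunnel response followed by the inner SSH
# banner, with the banner cut in two by the packet boundary.
SPLIT_FLOW = [
    b"HTTP/1.1 200 Connection established\r\n\r\nSS",
    b"H-2.0-Example_1.0\r\n",
]
# Constructed sample: the same banner arriving whole in one packet.
WHOLE_FLOW = [b"SSH-2.0-Example_1.0\r\n"]


def match_per_packet(payloads, pattern=SSH_BANNER):
    """Return the index of the first payload that matches on its own."""
    for i, data in enumerate(payloads):
        if pattern.search(data):
            return i
    return None


def match_per_flow(payloads, pattern=SSH_BANNER, limit=MAX_BUFFER):
    """Append payloads to a bounded flow buffer and match the buffer.

    Returns the index of the packet that completed the match, or None if
    the buffer fills up (or the flow ends) without a match.
    """
    buf = bytearray()
    for i, data in enumerate(payloads):
        buf += data[: limit - len(buf)]  # never grow past the cap
        if pattern.search(buf):
            return i
        if len(buf) >= limit:
            return None  # give up: flow stays unclassified
    return None


if __name__ == "__main__":
    print("per-packet:", match_per_packet(SPLIT_FLOW))
    print("per-flow:  ", match_per_flow(SPLIT_FLOW))
```

The cap bounds the memory spent on each unclassified flow; a signature that only appears after `limit` bytes is not found by this sketch.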