diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-02-11 13:50:00 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-11 13:50:00 +0100 |
| commit | 73d1856525d99a22328d50dc15a24940a3f86922 (patch) | |
| tree | 1df16fd9f3c25293944b9d53d514e0f9efe7fcd4 /doc | |
| parent | d738b60cac411d91d3474ec6cc9457f7c86110dd (diff) | |
DNS: disable subclassification by default (#2715)
Prelimary change to start supporting multiple DNS transactions on the
same flow
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/configuration_parameters.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index bb1e17a67..bb39280fd 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -67,7 +67,7 @@ List of the supported configuration options: | "stun" | "metadata.attribute.relayed_address" | enable | NULL | NULL | Enable/disable extraction of (xor-)relayed-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster | | "stun" | "metadata.attribute.peer_address" | enable | NULL | NULL | Enable/disable extraction of (xor-)peer-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster; however sub-classification capability might be negatively impacted | | "bittorrent" | "metadata.hash" | enable | NULL | NULL | Enable/disable extraction of hash metadata for Bittorrent flows. | -| "dns" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). | +| "dns" | "subclassification" | disable | NULL | NULL | Enable/disable sub-classification of DNS flows (via query/response domain name). | | "dns" | "process_response" | enable | NULL | NULL | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported | | "http" | "process_response" | enable | NULL | NULL | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported | | "http" | "subclassification" | enable | NULL | NULL | Enable/disable sub-classification of HTTP flows | |