[Oisf-devel] http reply with deflate not supported on Suricata ?

Ivan Ristić ivan.ristic at gmail.com
Mon Jul 8 07:57:41 UTC 2013


On 08/07/2013 08:39, Victor Julien wrote:
> On 07/06/2013 09:58 PM, rmkml wrote:
>> Hi,
>>
>> Can anyone confirm whether deflate compression is supported or not on
>> Suricata, please? (on HTTP replies) Or is it planned?
>>
>> libhtp/htp/htp.h : (suricata git 4 jul)
>> ...
>> #define COMPRESSION_NONE     0
>> #define COMPRESSION_GZIP     1
>> #define COMPRESSION_COMPRESS 2 // Not implemented
>> #define COMPRESSION_DEFLATE  3 // Not implemented
>> ...
>>
>> I'm curious: is deflate compression not implemented in libhtp because
>> deflate is minor in HTTP compression traffic, or because deflate/compress
>> are complicated to implement, please?

It's just that LibHTP did not support it at that point in time. GZIP and
DEFLATE are the same compression algorithm: GZIP = header + DEFLATE.


>> If you want, I open a new redmine ticket.
> 
> Libhtp indeed doesn't support it yet, so Suricata doesn't either. Please
> open a ticket. Thanks!

Actually, LibHTP does not seem to support it in the old version (0.2.x),
which Suricata 1.4.x and earlier are using. The current version (0.5.x,
which Suricata has moved to recently) supports DEFLATE.

-- 
Ivan
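
Added example, not part of the original message and not LibHTP or Suricata code: a Python sketch of the relationship described above, where the gzip body is unwrapped by hand and inflated with the same routine used for "deflate" replies. The function and constant names are hypothetical and the sample bodies are constructed; the gzip path does not verify the CRC32 trailer.

```python
import gzip
import zlib

def inflate_raw(stream: bytes) -> bytes:
    """Inflate a bare DEFLATE stream (RFC 1951), no header or trailer."""
    return zlib.decompress(stream, -zlib.MAX_WBITS)

def gzip_payload(member: bytes) -> bytes:
    """Return the DEFLATE stream carried inside one gzip member (RFC 1952)."""
    if len(member) < 18 or member[:2] != b"\x1f\x8b" or member[2] != 8:
        raise ValueError("not a gzip member using DEFLATE")
    flags, pos = member[3], 10            # 10-byte fixed header
    if flags & 0x04:                      # FEXTRA: 2-byte length + data
        pos += 2 + int.from_bytes(member[pos:pos + 2], "little")
    for bit in (0x08, 0x10):              # FNAME, FCOMMENT: NUL-terminated
        if flags & bit:
            pos = member.index(b"\x00", pos) + 1
    if flags & 0x02:                      # FHCRC: 2-byte header CRC
        pos += 2
    return member[pos:-8]                 # drop CRC32 + ISIZE trailer

def decode_body(content_encoding: str, body: bytes) -> bytes:
    """Decode an HTTP response body so inspection sees the real content."""
    enc = content_encoding.strip().lower()
    if enc in ("", "identity"):
        return body
    if enc in ("gzip", "x-gzip"):
        return inflate_raw(gzip_payload(body))
    if enc == "deflate":
        try:
            return zlib.decompress(body)  # zlib wrapper (RFC 1950)
        except zlib.error:
            return inflate_raw(body)      # some servers send bare DEFLATE
    raise ValueError(f"unsupported Content-Encoding: {content_encoding!r}")

# Constructed sample body, encoded three ways (not captured traffic).
PLAIN = b"<html><body>constructed sample response</body></html>" * 4
GZIP_BODY = gzip.compress(PLAIN)
ZLIB_BODY = zlib.compress(PLAIN)
_raw = zlib.compressobj(wbits=-zlib.MAX_WBITS)
RAW_BODY = _raw.compress(PLAIN) + _raw.flush()

if __name__ == "__main__":
    for enc, body in (("gzip", GZIP_BODY), ("deflate", ZLIB_BODY),
                      ("deflate", RAW_BODY)):
        print(enc, len(body), decode_body(enc, body) == PLAIN)
```

A decoder that handles only gzip passes "deflate" bodies to the rule engine still compressed, so content matches on the reply body never see the real payload.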


