[Oisf-devel] Custom ICAP parser to work with http signatures

Elena Bykovchenko holgrain at protonmail.com
Sat Jan 5 00:08:52 UTC 2019


Hello. I want to make Suricata work with ICAP in a way that will allow it to analyze traffic from ICAP content as if it were normal HTTP traffic (so HTTP signatures would work). Suppose I have a custom parser for ICAP. How do I notify the engine that the ICAP request body should be parsed by the HTTP parser next? Is it possible? I couldn't find any code that I could use for it. Sorry, the code base is extensive, I might have missed something.