[Oisf-devel] EXTERNAL: Re: Lua Output - Streaming Data
Gofran, Paul
paul.gofran at lmco.com
Fri Nov 14 17:45:20 UTC 2014
#1317 submitted.
Thanks!
Paul
-----Original Message-----
From: oisf-devel-bounces at lists.openinfosecfoundation.org [mailto:oisf-devel-bounces at lists.openinfosecfoundation.org] On Behalf Of Victor Julien
Sent: Friday, November 14, 2014 11:45 AM
To: oisf-devel at lists.openinfosecfoundation.org
Subject: EXTERNAL: Re: [Oisf-devel] Lua Output - Streaming Data
On 11/14/2014 04:15 PM, Gofran, Paul wrote:
> When using the Lua Output feature to stream data, is there any way to
> determine when a flow has ended? Or to know when a stream is the last
> stream in a flow?
>
>
>
> I'm trying to reassemble a full payload to scan it externally, but
> don't want to scan it until I know I have the full payload.
>
It looks like this information isn't exposed to the scripts currently.
Adding it would be trivial, the underlying code has this info in the form of a set of flags.
Can you open a ticket?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
_______________________________________________
Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
Redmine: https://redmine.openinfosecfoundation.org/
More information about the Oisf-devel
mailing list