[Oisf-users] HTTP traffic

Victor Julien victor at inliniac.net
Tue Jul 27 09:57:22 UTC 2010

Not exactly similar. In our current git master and our upcoming 1.0.1
release there will be a setting to control the depth of stream
reassembly. This will control how far into a stream Suricata
reassembles, and how much of a stream is fed to our HTTP parsing module.
It's generic right now, so it applies to all tcp connections including
non-http ones.

Individual packets of the same stream will still be inspected though.


Xiong Wu wrote:
> Hi All,
> In snort, the flow_depth option of http_inspect preprocessor is able
> to specify the amount of server response payload to inspect. This
> option increases performance to handle HTTP traffic.  Is there any
> similar option in suricata.
> Thanks,
> Sean.
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list