[Oisf-users] Suricata support for size of HTTP bodies

Darren S. phatbuckett at gmail.com
Fri Apr 22 23:08:42 UTC 2016

Is it possible to introduce keywords that can function similarly to
'dsize', but provide the size of the HTTP request body and the HTTP
response body?

If I'm not mistaken, dsize cannot be used alongside "app layer"
keywords, and it would be great to have keywords providing the size of
buffers not including headers, etc.

I think this may be the same as or similar to this issue:

# Feature #735: "Introduce content_len keyword"

To take this a step further, does it make sense to introduce keywords
for the size of each buffer provided at the HTTP layer, period?

Darren Spruell
phatbuckett at gmail.com