[Oisf-users] LUA Payload Size

Clark Kent ctyk3322 at gmail.com
Fri Nov 9 19:00:54 UTC 2018


That is great, glad I wasn't over looking something in the documentation.
Thank you share sharing the code piece.

Is it possible to do something similar in the case where the protocol is
not HTTP and just tcp? More specifically in a single stream over tcp.

On Fri, Nov 9, 2018 at 1:09 PM Chris Wakelin <cwakelin at emergingthreats.net>
wrote:

> I usually end up doing something like
>
> D = HttpGetResponseBody()
> d = ""
> for i = 1, #D, 1 do
>     d = d .. D[i]
> end
>
> then "#d" would be the response size. But there may be better ways
> depending; e.g. you might be able to trust a value from a response
> header, and of course you could just do
>
> d = 0
> for i = 1, #D, 1 do
>   d = d + #D[i]
> end
>
> if you just need the size.
>
> Best Wishes,
> Chris
>
>
> On 09/11/2018 13:07, Clark Kent wrote:
> > I tried looking at the available features in the documentation. So I
> > apologize if this is already answer there and I am just missing it.
> >
> > Is there a way to return the payload size when writing a LUA script?
> >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
> >
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181109/4ce6dfeb/attachment.html>


More information about the Oisf-users mailing list