Actions
Feature #1281
closedlong snort ruleset support for "SC_ERR_NOT_SUPPORTED(225): content length greater than 255 unsupported"
Description
I'm running pfSense 2.1.5-RELEASE (amd64) on (nano) FreeBSD 8.3-RELEASE-p16 with Suricata 2.0.3 pkg v2.0.2 and snortrules-snapshot-2962.tar.gz with snort 'balanced' IPS rules. I'm seeing the following in my logs:
18/9/2014 -- 14:04:21 - <Error> -- [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Currently we don't support content length greater than 255. Please split the pattern, if length > 255. The length of the content after normalization is "288".
Could long snort rulecontent be supported sometime in the future?
Updated by Victor Julien over 9 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 3.0RC2
Looks like the mpm algo's can handle this (although a 255+ byte pattern wouldn't make much sense there), so this shouldn't be hard to do.
Updated by Victor Julien over 9 years ago
- Assignee changed from Victor Julien to Jason Ish
Updated by Victor Julien over 9 years ago
- Target version changed from 3.0RC2 to 2.1beta3
Updated by Victor Julien over 9 years ago
- Target version changed from 2.1beta3 to 2.1beta4
Updated by Victor Julien almost 9 years ago
- Target version changed from 2.1beta4 to 3.0RC1
Updated by Victor Julien almost 9 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Actions