Feature #1576
http: byte-range support
Description
Not currently supported by libhtp: https://github.com/OISF/libhtp/issues/58
Some discussion: https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-October/003492.html
Related issues
Updated by Victor Julien about 2 years ago
- Related to Feature #2485: http: log byte range with file extraction added
Updated by Raymond Hansen over 1 year ago
First step would be to document the chunks of file(s) as identified per sensor, if multiple sensors are in use.
Updated by Victor Julien over 1 year ago
- Has duplicate Bug #2326: File extraction not properly handling http range requests added
Updated by Victor Julien about 1 year ago
- Related to Feature #1017: Add support for content-range added
Updated by Philippe Antoine about 1 year ago
My understanding is the following :
We now log the byte-range but we would like suricata to handle the complete file reassembly (in case there is any).
Is that correct ?
Is there already an example of suricata of reassembly over TCP ? And in this case over different flows ?
Updated by Philippe Antoine 7 months ago
First is rebuilding the file if multiple requests/responses are in the same flow
Updated by Andreas Herz 7 months ago
Does anyone remember WHAT smaller tasks we wanted to create :)?
Updated by Philippe Antoine 7 months ago
First is rebuilding file if multiple transactions are in the same flow (maybe first subclass, if they are in the right order)
Then next task would be to see what to do if the transactions are across many flows
Updated by Philippe Antoine 4 months ago
- Status changed from Assigned to In Review