Project

General

Profile

Feature #1576

http: byte-range support

Added by Victor Julien almost 4 years ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Not currently supported by libhtp: https://github.com/OISF/libhtp/issues/58

Some discussion: https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-October/003492.html

Related issues

Related to Support #2309: SuriCon 2017 brainstormNew12/01/2017Actions
Related to Feature #2485: http: log byte range with file extractionClosedActions
Related to Feature #1017: Add support for content-rangeNew10/29/2013Actions
Has duplicate Bug #2326: File extraction not properly handling http range requestsClosedActions

History

#1

Updated by Andreas Herz over 3 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
#2

Updated by Victor Julien over 3 years ago

Related to #1017

#3

Updated by Victor Julien over 1 year ago

#4

Updated by Victor Julien over 1 year ago

  • Related to Feature #2485: http: log byte range with file extraction added
#5

Updated by Raymond Hansen 9 months ago

First step would be to document the chunks of file(s) as identified per sensor, if multiple sensors are in use.

#6

Updated by Victor Julien 6 months ago

  • Has duplicate Bug #2326: File extraction not properly handling http range requests added
#7

Updated by Victor Julien 5 months ago

#8

Updated by Philippe Antoine 3 months ago

  • Assignee changed from OISF Dev to Philippe Antoine
#9

Updated by Philippe Antoine 3 months ago

My understanding is the following :
We now log the byte-range but we would like suricata to handle the complete file reassembly (in case there is any).
Is that correct ?
Is there already an example of suricata of reassembly over TCP ? And in this case over different flows ?

Also available in: Atom PDF