https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022017-07-08T16:55:33ZOpen Information Security FoundationSuricata - Feature #2174: Need a special keyword and functionality for ip address extraction from a content (html body for ex.) and comparing it to src,dst_ip/EXTERNAL,HOME_NEThttps://redmine.openinfosecfoundation.org/issues/2174?journal_id=84742017-07-08T16:55:33Zajaxtpm ajaxtpm
<ul></ul><p>I'm sorry, of course there must not be any <bytes_to_convert> parameter because ip address takes 4 bytes in binary representation and from 7 to 15 bytes as a string and we do not know exact ip string size before extraction. So, no <bytes_to_convert> there. Also it may be useful to skip trailing spaces after <offset> bytes in case of string ip representation.<br />And of course all of this is about IPv4 and it may be better to name it "ipv4_extract".</p> Suricata - Feature #2174: Need a special keyword and functionality for ip address extraction from a content (html body for ex.) and comparing it to src,dst_ip/EXTERNAL,HOME_NEThttps://redmine.openinfosecfoundation.org/issues/2174?journal_id=85082017-07-18T15:31:23ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>Anonymous</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul> Suricata - Feature #2174: Need a special keyword and functionality for ip address extraction from a content (html body for ex.) and comparing it to src,dst_ip/EXTERNAL,HOME_NEThttps://redmine.openinfosecfoundation.org/issues/2174?journal_id=112512019-02-23T22:20:13ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>Community Ticket</i></li></ul>