Task #7061
content-inspect: expand accepted range of depth/offset/distance & related
Description
Refactor and cleanup
- Offset
- Depth
- Distance
and similar values throughout the keywords/transforms that support them.
65535 is a bounding value for many offset/depth usages but in other places, a signed 32 bit value is used.
The values supported should be examined for
- Consistency throughout the Suricata keyword set
- Relevance to the data blocks that they are applied to
We should be careful to document all changes
- Changes that result in more restrictive value ranges should be carefully considered and ample warning provided if existing usages won't be accepted
- Changes that relax value ranges should be called out in upgrade and documentation.
Updated by Victor Julien 6 months ago
- Subject changed from Consistency: Refactor/cleanup depth/offset/distance to content-inspect: refactor/cleanup depth/offset/distance
Updated by Victor Julien 6 months ago
- Subject changed from content-inspect: refactor/cleanup depth/offset/distance to content-inspect: expand accepted range of depth/offset/distance & related
These keywords were originally designed towards inspecting IP packets, hence the 16 bit limits in many places. However nowadays we inspect many larger buffers like stream data, HTTP body data, etc. So we should be able to express this.
Updated by Victor Julien 4 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from TBD to 8.0.0-beta1
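A ruleset audit for the two bounds named in the description (65535 and signed 32 bit), as an added example that is not part of the ticket or of Suricata's code. It assumes `within` counts among the "similar values", uses constructed sample rules, and makes no claim about which keyword currently enforces which bound.

```python
import re

U16_MAX = 65535                        # bound the ticket cites for many offset/depth usages
I32_MIN, I32_MAX = -2**31, 2**31 - 1   # signed 32-bit range the ticket says is used elsewhere
# Keywords named in the ticket, plus "within" (assumption: one of the "similar values").
KEYWORDS = ("offset", "depth", "distance", "within")
OPTION_RE = re.compile(r"\b(%s)\s*:\s*([^;]+);" % "|".join(KEYWORDS))
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules, for illustration only.
SAMPLE_RULES = r'''
alert tcp any any -> any any (msg:"constructed A"; content:"abc"; offset:4; depth:16; sid:1000001;)
alert http any any -> any any (msg:"constructed B"; file.data; content:"PK"; offset:70000; sid:1000002;)
alert tcp any any -> any any (msg:"constructed C"; content:"a"; content:"b"; distance:-8; within:100000; sid:1000003;)
alert tcp any any -> any any (msg:"constructed D"; byte_extract:2,0,len; content:"x"; depth:len; sid:1000004;)
alert tcp any any -> any any (msg:"constructed E"; content:"z"; offset:4294967296; sid:1000005;)
'''


def classify(value):
    """Return 'u16', 'i32-only', 'out-of-range' or 'variable' for one option value."""
    try:
        n = int(value.strip())
    except ValueError:
        return "variable"      # not a literal, e.g. a byte_extract variable name
    if 0 <= n <= U16_MAX:
        return "u16"
    if I32_MIN <= n <= I32_MAX:
        return "i32-only"      # negative or > 65535, but fits a signed 32-bit value
    return "out-of-range"


def audit(rules_text):
    """Return (sid, keyword, raw_value, class) for every literal outside the u16 range."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        sid = int(m.group(1)) if m else None
        for kw, raw in OPTION_RE.findall(line):
            klass = classify(raw)
            if klass in ("i32-only", "out-of-range"):
                findings.append((sid, kw, raw.strip(), klass))
    return findings
```

Running `audit()` over a ruleset before and after an upgrade lists the rules whose acceptance depends on which of the two bounds a keyword applies.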