Feature #735
closed
Introduce content_len keyword
Added by Anoop Saldanha about 11 years ago.
Updated about 6 years ago.
Description
Add support for the content_len keyword.
Can be used as -
conten_len:<op>,<no>;
where,
op - >, <, >=, <=, = ,!=,
no - unsigned integer
The content_len can be modified by the http_* modifiers.
For example,
content:"index"; http_uri; content_len:=,8; http_uri;
If no modifier is used, it would match on the packet payload length(which is the same as dsize)
Suggestions, comments?
Related issues
1 (1 open — 0 closed)
I think the syntax should probably be more like urilen, filesize and dsize:
dsize:1; is exact match
urilen:5<>10; is a range
Like the concept. Think it makes sense to have a generic match for this.
Have almost completed this work, but I've used the operators like the way I've specified. Felt it was neater if one wants to specify equal_to or not_equal_to.
Will change it to the dsize format if needed.
- Status changed from New to Assigned
- Target version changed from TBD to 2.0rc2
- Target version changed from 2.0rc2 to 3.0RC2
- Target version changed from 3.0RC2 to TBD
- Assignee changed from Anoop Saldanha to OISF Dev
- Related to Task #2309: SuriCon 2017 brainstorm added
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from TBD to 70
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.1beta1
Also available in: Atom
PDF