Re: Feature request: isdataat ability in specific (preprocessor) buffers

[Joel Esler <jesler () sourcefire com>]

After looking into it with some help from Development, they pointed me
to a bug where we have that as a feature enhancement already, it's
contingent upon something much bigger, but we have the FR tracked.
Thanks.

On Fri, Oct 18, 2013 at 7:14 AM, Bad Horse <b4dh0rs3 () gmail com> wrote:
> Sure, the one I didn't see working was http_uri.  I assumed that the other
> buffers for the http_inspect preprocessor didn't work for "isdataat" as well
> and if the "http_*" buffers weren't able to be used for "isdataat", I
> figured that the other preprocessor buffers weren't recognized too.  Tested
> on Snort 2.9.1 and Snort 2.9.3.
>
>
> Thanks.
>
> -B4d H0rs3
>  The Thoroughbred of SYN
>
>
> On Fri, Oct 18, 2013 at 9:54 AM, Joel Esler <jesler () sourcefire com> wrote:
> > Is there a buffer that doesn't work that you've noticed?
> >
> > Sent from my iPhone
> >
> > On Oct 18, 2013, at 6:42, Bad Horse <b4dh0rs3 () gmail com> wrote:
> >
> > This is a feature request to have Snort include the capability to use the
> > 'isdataat' keyword for specific (preprocessor) buffers (e.g. http_uri,
> > http_header, etc.).
> >
> > Thanks.
> >
> > -B4d H0rs3
> >  The Thoroughbred of SYN
> >
> >
> > ------------------------------------------------------------------------------
> > October Webinars: Code for Performance
> > Free Intel webinars can help you accelerate application performance.
> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> > from
> > the latest Intel processors and coprocessors. See abstracts and register >
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> >
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> > Archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
> >
> > Please visit http://blog.snort.org for the latest news about Snort!



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!