Logging packet with mismatch content_size and data is being sent after reset

Hi Bro’ers,

I wonder if you could help me.

I have created a policy that logs when a http stream has mismatch content-size versus body.
This works fine but I need to add an extra check to see if data is being sent after a reset.

I have uploaded my policy for you to see.


i know the weird.bro policy logs ‘data_after_reset’, but I don’t know how to incorporate this in my policy.

Could you please help me?

Kind regards,