Support #1400: Reordering packet in Suricata - Suricata - Open Information Security Foundation

Actions

Copy link

Support #1400

closed

Reordering packet in Suricata

Added by john kely about 9 years ago. Updated almost 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

When extracting file from HTTP (upload or download file) and SMTP (attachment in mail), i find many files have been truncated.
After testing clearly, I know this issue due to the packets were out of order.
Once Suricata has packet out of order (or have GAP), it not supports and stop dumping file anyway.
So, extract file processing not done!
If we reorder whole packets in network, it costs expensively.
Should we reorder packets only in extracting file case?

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #1400

Reordering packet in Suricata

Updated by Victor Julien about 9 years ago

Updated by Peter Manev about 9 years ago

Updated by john kely about 9 years ago

Updated by john kely about 9 years ago

Updated by Andreas Herz about 8 years ago

Updated by Victor Julien almost 8 years ago