Bug #2240

suricatasc dump-counters returns error when return message is larger than 4096

Added by Srinath M. 8 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:

Description

"dump-counters" return message size can vary according to the number of threads. If the message size is larger than 4096 bytes, the command will fail with the following error:

# /opt/suricata/bin/suricatasc -c dump-counters
Traceback (most recent call last):
  File "/opt/suricata/bin/suricatasc", line 46, in <module>
    res = sc.send_command(command, arguments)
  File "/opt/suricata/lib/python2.7/site-packages/suricatasc/suricatasc.py", line 126, in send_command
    raise SuricataReturnException("Unable to get message from server")
suricatasc.suricatasc.SuricataReturnException: Unable to get message from server

While troubleshooting, a direct connection to the socket using "nc -U file.socket" works fine. Then I found that in "suricatasc.py" the message size is hard-coded to 4096:

SIZE = 4096

When data is received in json_recv(), it will be truncated at that size and "json.loads(data)" will fail to parse.

Environment:

Suricata: 4.0
OS: Ubuntu 16.04
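
The failure mode described in this report, reproduced over a local socket pair next to a reader that accumulates data until the message is complete. This is an added example, not code from suricatasc or from the fix referenced in the history; the newline terminator, the `max_bytes` cap, the function names and the sample reply are assumptions made for illustration.

```python
import json
import socket

SIZE = 4096  # per-recv buffer size quoted in the report


def recv_once(sock):
    """Behaviour described in the report: one recv(SIZE), then parse."""
    return json.loads(sock.recv(SIZE).decode("utf-8"))


def recv_framed(sock, max_bytes=1 << 20):
    """Keep reading until the terminator arrives, with a hard size cap.

    Assumption for this example: each JSON reply ends with a newline byte.
    """
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(SIZE)
        if not chunk:
            raise ConnectionError("peer closed before the reply was complete")
        buf += chunk
        if len(buf) > max_bytes:
            raise ValueError("reply larger than max_bytes")
    return json.loads(buf.decode("utf-8"))


def constructed_reply(threads):
    """Constructed sample reply whose size grows with the thread count."""
    names = ("decoder.pkts", "decoder.bytes", "flow.tcp", "flow.udp")
    per_thread = {"W#%02d" % i: {n: i * 1000 for n in names} for i in range(threads)}
    return (json.dumps({"return": "OK", "message": per_thread}) + "\n").encode()


def demo(threads):
    """Feed the same reply to both readers over a local socket pair."""
    reply = constructed_reply(threads)
    outcome = {"size": len(reply)}
    for name, reader in (("single_recv", recv_once), ("framed", recv_framed)):
        server, client = socket.socketpair()
        try:
            server.sendall(reply)
            outcome[name] = reader(client)["return"]
        except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
            outcome[name] = "error: " + type(exc).__name__
        finally:
            server.close()
            client.close()
    return outcome
```

The size cap keeps a misbehaving or unexpected peer on the socket from making the client buffer an unbounded reply while it waits for the terminator.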

History

#1 Updated by Andreas Herz 8 months ago

  • Assignee set to OISF Dev
  • Target version set to TBD

#2 Updated by Victor Julien 8 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Eric Leblond
  • Target version changed from TBD to Soon

#3 Updated by Eric Leblond 3 months ago

  • Status changed from Assigned to Closed

Fixed by unix socket protocol v0.2: https://github.com/OISF/suricata/pull/3199

#4 Updated by Eric Leblond 3 months ago

  • Target version changed from Soon to 4.1beta1
