Bug #2240

closed

suricatasc dump-counters returns error when return message is larger than 4096

Added by Srinath M. about 7 years ago. Updated almost 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The "dump-counters" return message size can vary according to the number of threads. If the message size is larger than 4096 bytes, the command will fail with the following error:

# /opt/suricata/bin/suricatasc -c dump-counters
Traceback (most recent call last):
  File "/opt/suricata/bin/suricatasc", line 46, in <module>
    res = sc.send_command(command, arguments)
  File "/opt/suricata/lib/python2.7/site-packages/suricatasc/suricatasc.py", line 126, in send_command
    raise SuricataReturnException("Unable to get message from server")
suricatasc.suricatasc.SuricataReturnException: Unable to get message from server

While troubleshooting, a direct connection to the socket using "nc -U file.socket" works fine. Then I found that in "suricatasc.py" the message size is hard-coded to 4096:

SIZE = 4096

When data is received in json_recv(), it will be truncated at that size and "json.loads(data)" will fail to parse.

Environment:

Suricata: 4.0
OS: Ubuntu 16.04
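
The failure described in the report, reproduced as an added example (not code from suricatasc.py or from the fix linked further down): a single fixed-size read truncates a reply longer than SIZE and the JSON parse fails, while a bounded read loop recovers the whole message. The newline terminator and the names make_reply, recv_once, recv_framed and run are assumptions made for this illustration; the reply content is constructed sample data.

```python
import json
import socket

SIZE = 4096  # fixed read size, as in the suricatasc.py described in the report


def make_reply(threads):
    """Constructed sample: a dump-counters-like reply that grows with thread count."""
    counters = {"W#%02d" % i: {"capture.kernel_packets": i, "decoder.pkts": i * 10,
                               "flow.tcp": i * 3} for i in range(threads)}
    # Assumption for this example: the server ends each message with a newline.
    return (json.dumps({"return": "OK", "message": counters}) + "\n").encode()


def recv_once(sock):
    """The reported behaviour: one recv(SIZE), then parse whatever arrived."""
    return json.loads(sock.recv(SIZE).decode())


def recv_framed(sock, limit=1 << 20):
    """Accumulate chunks until the newline terminator, with an upper bound."""
    data = b""
    while not data.endswith(b"\n"):
        chunk = sock.recv(SIZE)
        if not chunk:
            raise ConnectionError("peer closed before end of message")
        data += chunk
        if len(data) > limit:
            raise ValueError("reply exceeds %d bytes" % limit)
    return json.loads(data.decode())


def run(threads, reader):
    """Send one constructed reply over a local socket pair and read it back."""
    server, client = socket.socketpair()
    try:
        server.sendall(make_reply(threads))
        return reader(client)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(run(100, recv_framed)["return"])
    try:
        run(100, recv_once)
    except ValueError as exc:
        print("single recv failed:", exc)
```

The limit argument keeps the loop from buffering without bound if the terminator never arrives.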

Actions #1

Updated by Andreas Herz about 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD

Actions #2

Updated by Victor Julien about 7 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Eric Leblond
  • Target version changed from TBD to 70

Actions #3

Updated by Eric Leblond almost 7 years ago

  • Status changed from Assigned to Closed

Fixed by unix socket protocol v0.2: https://github.com/OISF/suricata/pull/3199

Actions #4

Updated by Eric Leblond almost 7 years ago

  • Target version changed from 70 to 4.1beta1