Actions
Bug #2240
closedsuricatasc dump-counters returns error when return message is larger than 4096
Affected Versions:
Effort:
Difficulty:
Label:
Description
"dump-counters" return message size can vary according to the number of threads. If message size is larger than 4096 bytes the command will fail with following error:
# /opt/suricata/bin/suricatasc -c dump-counters Traceback (most recent call last): File "/opt/suricata/bin/suricatasc", line 46, in <module> res = sc.send_command(command, arguments) File "/opt/suricata/lib/python2.7/site-packages/suricatasc/suricatasc.py", line 126, in send_command raise SuricataReturnException("Unable to get message from server") suricatasc.suricatasc.SuricataReturnException: Unable to get message from server
While troubleshooting, direct connection to socket using "nc -U file.socket" works fine. Then, I found that in "suricatasc.py", the message size is hard-coded to 4096:
SIZE = 4096
When data is received in json_recv(), it will be truncated at that size and "json.loads(data)" will fail to parse.
Environment:
Suricata: 4.0
OS: Ubuntu 16.04
Updated by Andreas Herz about 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien about 7 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Eric Leblond
- Target version changed from TBD to 70
Updated by Eric Leblond almost 7 years ago
- Status changed from Assigned to Closed
Fixed by unix socket protocol v0.2: https://github.com/OISF/suricata/pull/3199
Updated by Eric Leblond almost 7 years ago
- Target version changed from 70 to 4.1beta1
Actions