Bug #2257
openrate_filter doesn't honor "timeout" if it is longer than "seconds" parameter
Description
When rate_filter set with "timeout" longer than "seconds" (which is common configuration, see example in http://suricata.readthedocs.io/en/latest/configuration/global-thresholds.html ), program restarts counting of detections when "seconds" expire after last detection, not when "timeout" expires.
In function ThresholdTimeoutCheck(), tv_timeout not taken into consideration, causing program to ignore this parameter and allowing the entry to expire.
AH Updated by Andreas Herz over 8 years ago
- Assignee set to OISF Dev
- Target version set to TBD
VJ Updated by Victor Julien about 7 years ago
Hi Ruslan, did you submit a fix for this ticket as well? I don't see the ticket number referenced in the commits you have in the tree.
RU Updated by Ruslan Usmanov about 7 years ago
Victor Julien wrote:
Hi Ruslan, did you submit a fix for this ticket as well? I don't see the ticket number referenced in the commits you have in the tree.
Hi Julien, sorry for delay in the answer, I don't think I fixed this issue, created the ticket in order to address it later.
AH Updated by Andreas Herz over 6 years ago
- Status changed from New to Feedback
Are you willing to submit a PR for that?
PA Updated by Philippe Antoine 9 months ago
- Status changed from Feedback to New
PA Updated by Philippe Antoine 9 months ago
- Status changed from New to Feedback
Is this still a problem in Suricata 8 ?
How can we reproduce ?