Bug #2257: rate_filter doesn't honor "timeout" if it is longer than "seconds" parameter - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2257

open

rate_filter doesn't honor "timeout" if it is longer than "seconds" parameter

Added by Ruslan Usmanov over 6 years ago. Updated over 4 years ago.

Status:

Feedback

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

When rate_filter set with "timeout" longer than "seconds" (which is common configuration, see example in http://suricata.readthedocs.io/en/latest/configuration/global-thresholds.html ), program restarts counting of detections when "seconds" expire after last detection, not when "timeout" expires.
In function ThresholdTimeoutCheck(), tv_timeout not taken into consideration, causing program to ignore this parameter and allowing the entry to expire.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2257

rate_filter doesn't honor "timeout" if it is longer than "seconds" parameter

Updated by Andreas Herz over 6 years ago

Updated by Victor Julien about 5 years ago

Updated by Ruslan Usmanov about 5 years ago

Updated by Andreas Herz over 4 years ago