Bug #2257
open
rate_filter doesn't honor "timeout" if it is longer than "seconds" parameter
Added by Ruslan Usmanov almost 8 years ago.
Updated about 1 month ago.
Description
When rate_filter is set with "timeout" longer than "seconds" (which is a common configuration, see the example in http://suricata.readthedocs.io/en/latest/configuration/global-thresholds.html), the program restarts counting of detections when "seconds" expire after the last detection, not when "timeout" expires.
In function ThresholdTimeoutCheck(), tv_timeout is not taken into consideration, causing the program to ignore this parameter and allowing the entry to expire.
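A simplified model of the expiry decision described in this report, as an added example (not Suricata's code and not part of the original ticket). The struct, the function names and the sample values (seconds 10, timeout 60) are assumptions made for illustration; only the field name tv_timeout is taken from the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified rate_filter entry; times are in seconds. */
struct rf_entry {
    uint32_t seconds;    /* counting window ("seconds" in threshold.config) */
    uint32_t timeout;    /* how long new_action stays active ("timeout") */
    uint32_t last_seen;  /* time of the last detection */
    uint32_t tv_timeout; /* time new_action was switched on, 0 = not active */
};

typedef bool (*expiry_fn)(const struct rf_entry *, uint32_t now);

/* Behaviour described in the report: only "seconds" decides expiry. */
static bool expired_seconds_only(const struct rf_entry *e, uint32_t now)
{
    return now > e->last_seen + e->seconds;
}

/* Timeout-aware variant: an entry with new_action active is kept until
 * the timeout has run out, whatever "seconds" says. */
static bool expired_with_timeout(const struct rf_entry *e, uint32_t now)
{
    if (e->tv_timeout != 0 && now <= e->tv_timeout + e->timeout)
        return false;
    return now > e->last_seen + e->seconds;
}

/* Run a once-per-second housekeeping pass and return the first time
 * the entry would be discarded (0 if it survives until `horizon`). */
static uint32_t first_expiry(expiry_fn check, const struct rf_entry *e,
                             uint32_t horizon)
{
    for (uint32_t now = e->last_seen; now <= horizon; now++)
        if (check(e, now))
            return now;
    return 0;
}

int main(void)
{
    /* Constructed sample: seconds 10, timeout 60, filter tripped at t=5. */
    struct rf_entry e = { .seconds = 10, .timeout = 60,
                          .last_seen = 5, .tv_timeout = 5 };
    printf("seconds only: dropped at t=%u\n",
           (unsigned)first_expiry(expired_seconds_only, &e, 120));
    printf("with timeout: dropped at t=%u\n",
           (unsigned)first_expiry(expired_with_timeout, &e, 120));
    return 0;
}
```

In this model the seconds-only check discards the entry 50 seconds before the configured timeout ends, which is the premature restart of counting the report describes.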
- Assignee set to OISF Dev
- Target version set to TBD
Hi Ruslan, did you submit a fix for this ticket as well? I don't see the ticket number referenced in the commits you have in the tree.
Victor Julien wrote:
Hi Ruslan, did you submit a fix for this ticket as well? I don't see the ticket number referenced in the commits you have in the tree.
Hi Julien, sorry for the delay in answering. I don't think I fixed this issue; I created the ticket in order to address it later.
- Status changed from New to Feedback
Are you willing to submit a PR for that?
- Status changed from Feedback to New
- Status changed from New to Feedback
Is this still a problem in Suricata 8?
How can we reproduce?