Project

General

Profile

Actions

Bug #2258

closed

rate_filter inconsistency: triggered after "count" detections when by_rule, and after count+1 detections when by_src/by_dst.

Added by Ruslan Usmanov about 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When I trying to rate_filter by rule, the filter triggered on "count" detections. When I change rate_filter to by src/dst, program allows one more detection before triggering the filter.
In function ThresholdHandlePacketRule() (used on by_rule), event filtered when current_count >= td->count , but in corresponding code in function ThresholdHandlePacketHost() (used on by src/dst), event triggered when current_count > td->count.
This situation leads to inconsistency.

Actions #1

Updated by Andreas Herz almost 7 years ago

  • Assignee set to Anonymous
  • Target version set to TBD

Are you interested in working on that part of the code?

Actions #2

Updated by Ruslan Usmanov almost 7 years ago

Yes

Actions #3

Updated by Victor Julien almost 7 years ago

  • Status changed from New to Assigned
  • Assignee changed from Anonymous to Ruslan Usmanov
Actions #5

Updated by Victor Julien over 6 years ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 4.1beta1
Actions

Also available in: Atom PDF