Bug #2258

closed

rate_filter inconsistency: triggered after "count" detections when by_rule, and after count+1 detections when by_src/by_dst.

Added by Ruslan Usmanov about 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When I try to rate_filter by rule, the filter is triggered on "count" detections. When I change rate_filter to by src/dst, the program allows one more detection before triggering the filter.
In the function ThresholdHandlePacketRule() (used for by_rule), the event is filtered when current_count >= td->count, but in the corresponding code in the function ThresholdHandlePacketHost() (used for by src/dst), the event is triggered when current_count > td->count.
This situation leads to inconsistency.
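
The off-by-one reported above, as an added example that is not part of the original report and not Suricata source code: a simplified model of the two comparisons that returns the detection on which each tracking mode first fires. The type and function names are hypothetical, the time window is left out, and the counter is assumed to be incremented before the comparison, which is what the behaviour described in the report implies.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Suricata source. Only the configured "count"
 * is kept; the rate_filter time window is deliberately left out. */
typedef struct {
    uint32_t count;                 /* configured rate_filter count */
} ModelThreshold;

typedef enum { TRACK_BY_RULE, TRACK_BY_HOST } ModelTrack;

/* Returns 1 when the filter fires for the detection that brought the
 * running total to current_count. */
static int model_filter_fires(ModelTrack track, const ModelThreshold *td,
                              uint32_t current_count)
{
    if (track == TRACK_BY_RULE)
        return current_count >= td->count;  /* comparison reported for by_rule */
    return current_count > td->count;       /* comparison reported for by_src/by_dst */
}

/* Feeds `detections` matches through the model and returns the 1-based
 * number of the first detection on which the filter fires, 0 if never.
 * Assumption: the counter is incremented before it is compared. */
uint32_t first_filtered_detection(ModelTrack track, uint32_t count,
                                  uint32_t detections)
{
    ModelThreshold td = { count };
    uint32_t current_count = 0;

    for (uint32_t i = 1; i <= detections; i++) {
        current_count++;
        if (model_filter_fires(track, &td, current_count))
            return i;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: count = 5, ten matching detections. */
    printf("by_rule fires on detection %u\n",
           first_filtered_detection(TRACK_BY_RULE, 5, 10));
    printf("by_src/by_dst fires on detection %u\n",
           first_filtered_detection(TRACK_BY_HOST, 5, 10));
    return 0;
}
```

When sizing a rate_filter count against an affected build, the practical effect is that a by_src/by_dst filter lets one more alert through at the original action than a by_rule filter with the same count.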
