Project

General

Profile

Actions
Copy link

Bug #2264

closed
PM GL

file-store.stream-depth not working as expected when configured to a specfic value

Bug #2264: file-store.stream-depth not working as expected when configured to a specfic value

Added by Peter Manev over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Giuseppe Longo
Target version:
5.0rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Given the following config below - 

outputs.14.file-store.stream-depth = 0
stream.reassembly.depth = 2mb

Suricata will file extract any file any size

Given this other config below - 

outputs.14.file-store.stream-depth = 5mb
stream.reassembly.depth = 2mb

Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"

Observed on 4.0.1 and latest git master.

Related issues 4 (0 open4 closed)

Related to Suricata - Bug #2506: filestore v1: with stream-depth not null, files are never truncated ClosedJeff LucovskyActions
Related to Suricata - Bug #2495: Stream depth and filestore interactionClosedActions
Related to Suricata - Support #2369: option force-filestore generate truncated fileClosedActions
Copied to Suricata - Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x)ClosedVictor JulienActions

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
 #1

  • Assignee set to OISF Dev
  • Target version set to TBD

GL Updated by Giuseppe Longo about 8 years ago Actions
Copy link
 #2

  • Assignee changed from OISF Dev to Giuseppe Longo

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #3

  • Related to Bug #2506: filestore v1: with stream-depth not null, files are never truncated added

AH Updated by Andreas Herz over 6 years ago Actions
Copy link
 #4

Is this with filestore v1 or v2?

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #5

  • Status changed from New to Assigned
  • Assignee changed from Giuseppe Longo to Jeff Lucovsky
  • Target version changed from TBD to 5.0rc1

Giuseppe has done this PR https://github.com/OISF/suricata/pull/3792. It implements a solution for http, but we need to have a look at SMTP, SMB, NFS and FTP as well.

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #6

Giuseppe has also created these test cases https://github.com/OISF/suricata-verify/pull/35

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #7

  • Related to Bug #2495: Stream depth and filestore interaction added

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #8

  • Related to Support #2369: option force-filestore generate truncated file added

PM Updated by Peter Manev over 6 years ago Actions
Copy link
 #9

@Andreas - filestore v2

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #10

  • Assignee changed from Jeff Lucovsky to Victor Julien

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #11

  • Status changed from Assigned to Closed

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #12

  • Assignee changed from Victor Julien to Giuseppe Longo

Work was done by Giuseppe.

VJ Updated by Victor Julien almost 6 years ago Actions
Copy link
 #13

  • Copied to Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x) added
Actions
Copy link

Also available in: PDF Atom