Actions
Bug #2264
closedfile-store.stream-depth not working as expected when configured to a specfic value
Affected Versions:
Effort:
Difficulty:
Label:
Description
Given the following config below -
outputs.14.file-store.stream-depth = 0 stream.reassembly.depth = 2mb
Suricata will file extract any file any size
Given this other config below -
outputs.14.file-store.stream-depth = 5mb stream.reassembly.depth = 2mb
Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"
Observed on 4.0.1 and latest git master.
Updated by Andreas Herz about 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Giuseppe Longo almost 7 years ago
- Assignee changed from OISF Dev to Giuseppe Longo
Updated by Victor Julien over 6 years ago
- Related to Bug #2506: filestore v1: with stream-depth not null, files are never truncated added
Updated by Victor Julien over 5 years ago
- Status changed from New to Assigned
- Assignee changed from Giuseppe Longo to Jeff Lucovsky
- Target version changed from TBD to 5.0rc1
Giuseppe has done this PR https://github.com/OISF/suricata/pull/3792. It implements a solution for http, but we need to have a look at SMTP, SMB, NFS and FTP as well.
Updated by Victor Julien over 5 years ago
Giuseppe has also created these test cases https://github.com/OISF/suricata-verify/pull/35
Updated by Victor Julien over 5 years ago
- Related to Bug #2495: Stream depth and filestore interaction added
Updated by Victor Julien over 5 years ago
- Related to Support #2369: option force-filestore generate truncated file added
Updated by Victor Julien over 5 years ago
- Assignee changed from Jeff Lucovsky to Victor Julien
Updated by Victor Julien over 5 years ago
- Status changed from Assigned to Closed
Updated by Victor Julien over 5 years ago
- Assignee changed from Victor Julien to Giuseppe Longo
Work was done by Giuseppe.
Updated by Victor Julien over 4 years ago
- Copied to Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x) added
Actions