Project

General

Profile

Actions

Bug #2264

closed

file-store.stream-depth not working as expected when configured to a specfic value

Added by Peter Manev about 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Given the following config below -

outputs.14.file-store.stream-depth = 0
stream.reassembly.depth = 2mb

Suricata will file extract any file any size

Given this other config below -

outputs.14.file-store.stream-depth = 5mb
stream.reassembly.depth = 2mb

Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"

Observed on 4.0.1 and latest git master.


Related issues 4 (0 open4 closed)

Related to Suricata - Bug #2506: filestore v1: with stream-depth not null, files are never truncated ClosedJeff LucovskyActions
Related to Suricata - Bug #2495: Stream depth and filestore interactionClosedActions
Related to Suricata - Support #2369: option force-filestore generate truncated fileClosedActions
Copied to Suricata - Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x)ClosedVictor JulienActions
Actions #1

Updated by Andreas Herz about 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Giuseppe Longo almost 7 years ago

  • Assignee changed from OISF Dev to Giuseppe Longo
Actions #3

Updated by Victor Julien over 6 years ago

  • Related to Bug #2506: filestore v1: with stream-depth not null, files are never truncated added
Actions #4

Updated by Andreas Herz over 5 years ago

Is this with filestore v1 or v2?

Actions #5

Updated by Victor Julien over 5 years ago

  • Status changed from New to Assigned
  • Assignee changed from Giuseppe Longo to Jeff Lucovsky
  • Target version changed from TBD to 5.0rc1

Giuseppe has done this PR https://github.com/OISF/suricata/pull/3792. It implements a solution for http, but we need to have a look at SMTP, SMB, NFS and FTP as well.

Actions #6

Updated by Victor Julien over 5 years ago

Giuseppe has also created these test cases https://github.com/OISF/suricata-verify/pull/35

Actions #7

Updated by Victor Julien over 5 years ago

  • Related to Bug #2495: Stream depth and filestore interaction added
Actions #8

Updated by Victor Julien over 5 years ago

  • Related to Support #2369: option force-filestore generate truncated file added
Actions #9

Updated by Peter Manev over 5 years ago

@Andreas - filestore v2

Actions #10

Updated by Victor Julien over 5 years ago

  • Assignee changed from Jeff Lucovsky to Victor Julien
Actions #11

Updated by Victor Julien over 5 years ago

  • Status changed from Assigned to Closed
Actions #12

Updated by Victor Julien over 5 years ago

  • Assignee changed from Victor Julien to Giuseppe Longo

Work was done by Giuseppe.

Actions #13

Updated by Victor Julien over 4 years ago

  • Copied to Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x) added
Actions

Also available in: Atom PDF