Bug #2264: file-store.stream-depth not working as expected when configured to a specfic value - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2264

closed

file-store.stream-depth not working as expected when configured to a specfic value

Added by Peter Manev over 6 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Giuseppe Longo

Target version:

5.0rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Given the following config below -

outputs.14.file-store.stream-depth = 0
stream.reassembly.depth = 2mb

Suricata will file extract any file any size

Given this other config below -

outputs.14.file-store.stream-depth = 5mb
stream.reassembly.depth = 2mb

Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"

Observed on 4.0.1 and latest git master.

Related issues 4 (0 open — 4 closed)

Actions

Copy link

Updated by Andreas Herz over 6 years ago

Assignee set to OISF Dev
Target version set to TBD

Actions

Copy link

Updated by Giuseppe Longo about 6 years ago

Assignee changed from OISF Dev to Giuseppe Longo

Actions

Copy link

Updated by Victor Julien over 5 years ago

Related to Bug #2506: filestore v1: with stream-depth not null, files are never truncated added

Actions

Copy link

Updated by Andreas Herz almost 5 years ago

Is this with filestore v1 or v2?

Actions

Copy link

Updated by Victor Julien over 4 years ago

Status changed from New to Assigned
Assignee changed from Giuseppe Longo to Jeff Lucovsky
Target version changed from TBD to 5.0rc1

Giuseppe has done this PR https://github.com/OISF/suricata/pull/3792. It implements a solution for http, but we need to have a look at SMTP, SMB, NFS and FTP as well.

Actions

Copy link