Project

General

Profile

Actions
Copy link

Bug #2264

closed
PM GL

file-store.stream-depth not working as expected when configured to a specfic value

Bug #2264: file-store.stream-depth not working as expected when configured to a specfic value

Added by Peter Manev over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Giuseppe Longo
Target version:
5.0rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Given the following config below - 

outputs.14.file-store.stream-depth = 0
stream.reassembly.depth = 2mb

Suricata will file extract any file any size

Given this other config below - 

outputs.14.file-store.stream-depth = 5mb
stream.reassembly.depth = 2mb

Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"

Observed on 4.0.1 and latest git master.

Related issues 4 (0 open4 closed)

Related to Suricata - Bug #2506: filestore v1: with stream-depth not null, files are never truncated ClosedJeff LucovskyActions
Related to Suricata - Bug #2495: Stream depth and filestore interactionClosedActions
Related to Suricata - Support #2369: option force-filestore generate truncated fileClosedActions
Copied to Suricata - Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x)ClosedVictor JulienActions
Actions
Copy link

Also available in: PDF Atom