Project

General

Profile

Actions
Copy link

Bug #2492

closed

Inverted IP params in fileinfo events

Added by Eric Leblond about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
4.1rc1
Affected Versions:
4.1beta1
Effort:
Difficulty:
Label:
Actions
Copy link
 #1

Updated by Eric Leblond about 6 years ago

  • Subject changed from INverted IP params in fileinfo events to Inverted IP params in fileinfo events
  • Assignee set to Eric Leblond
  • Target version set to 4.1rc1

The fileinfo event for a HTTP GET request has the destination IP params set to the server instead of having it set to the client. The entry should respect the way of the data in the TCP session.

Actions
Copy link
 #2

Updated by Victor Julien about 6 years ago

I think the logging should respect the file direction. In all implementations the files are in per-direction 'FileContainers' so this could be used to get the direction of the file.

Actions
Copy link
 #3

Updated by Eric Leblond about 6 years ago

Proposal implementation there: https://github.com/OISF/suricata/pull/3344

Actions
Copy link
 #4

Updated by Victor Julien almost 6 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF