Project

General

Profile

Actions

Bug #3631

closed

FTP response buffering against TCP stream

Added by Philippe Antoine over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 4.1, Needs backport to 5.0

Description

Now, Suricata parses FTP response packets as if they are always complete.
This is not the TCP logic of streaming.
We have to keep buffering until the response is complete, and we can parse multiple responses in one TCP stream in one time.

Found by running suricata-verify tests while doing TCP stream splitting

Fix proposed https://github.com/OISF/suricata/pull/4789


Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #3650: FTP response buffering against TCP streamClosedVictor JulienActions
Copied to Suricata - Bug #3651: FTP response buffering against TCP streamClosedJeff LucovskyActions
Actions

Also available in: Atom PDF