Feature #3887

closed

yaml: Increase maximum size for address vars

Added by Duane Howard over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal

Description

It appears the maximum length for an address var is 8192 bytes [0]. When dynamically generating lists for vars in large networks, it is easy to exceed this limit (especially with IPv6 network ranges). Can this be increased?

The only current workaround I'm aware of is to try to dynamically split lists and generate multiple vars, which is... a bit unruly.

[0] https://github.com/OISF/suricata/blob/master/src/detect-engine-address.c#L746


Related issues: 2 (1 open, 1 closed)

- Related to Suricata - Bug #2190: apparent 1000 character limit in threshold.conf IP lists (Closed, Jeff Lucovsky)
- Related to Suricata - Task #4097: Suricon 2020 brainstorm (Assigned, Victor Julien)