Optimization #4141
closed
Task #4143: tracking: file.data improvements
file.data: inspect File objects for HTTP
Added by Victor Julien over 3 years ago.
Updated 9 months ago.
Description
file.data for HTTP currently inspects the HtpBody instead of File(s). These will usually contain the same data, except for the multipart case.
Switching to File(s) would make the implementation simpler and make the implementation more correct.
David Wharton and Jae Williams have offered to run test runs for their rule collections to validate that this change won't break anything.
- Related to Task #4097: Suricon 2020 brainstorm added
A possible optimization after this has been done, is that in most cases we might not need to track the HtpBody separately anymore.
- Priority changed from Normal to High
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Priority changed from High to Normal
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
- Status changed from Assigned to In Review
- Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added
- Target version changed from 8.0.0-beta1 to 7.0.0
- Status changed from In Review to In Progress
- Target version changed from 7.0.0 to 8.0.0-beta1
- Status changed from In Progress to Closed
- Target version changed from 8.0.0-beta1 to 7.0.0
- Related to Task #6217: research: increased tcp.overlap after file data changes added
Also available in: Atom
PDF