Bug #5263: Flow is stuck if there is no traffic - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5263

closed

Flow is stuck if there is no traffic

Added by Brijesh Valera over 3 years ago. Updated 16 days ago.

Status:

Rejected

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

6.0.4

Effort:

Difficulty:

Label:

Description

Replay PCAP I have attached here. It's FTP control and data-channel PCAP.

On replaying PCAP, I see FTP data channel is getting detected but I don't see FLOW event gets generated for FTP data channel.
FTP data-channel flow gets stuck if there is no further traffic is sent to Suricata engine.

On terminating Suricata, I see Flow is getting removed and FlowEvent gets generated.

Files

ftp_case144.pcap (24.4 KB) ftp_case144.pcap

FTP control and data channel flows

Brijesh Valera, 04/11/2022 05:31 PM

Actions

Copy link

Updated by Philippe Antoine 16 days ago

Status changed from New to Rejected

This is working as intended : flow events get only logged on flow completion or timeout, what did you expect different ?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5263

Flow is stuck if there is no traffic

Updated by Philippe Antoine 16 days ago