Project

General

Profile

Actions
Copy link

Task #6217

open

research: increased tcp.overlap after file data changes

Added by Victor Julien 10 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
Victor Julien
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata/pull/9237 reports 8% more overlaps, which could be an indication that stream data is buffered slightly longer.
This is happening after file prune handling is updated, so might be related to that.

Related issues 3 (1 open2 closed)

Related to Suricata - Optimization #4141: file.data: inspect File objects for HTTPClosedJeff LucovskyActions
Related to Suricata - Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)ClosedJeff LucovskyActions
Related to Suricata - Bug #3375: Tracking: file tracking/inspection performance issuesNewVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien 10 months ago

  • Related to Optimization #4141: file.data: inspect File objects for HTTP added
  • Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added
Actions
Copy link
 #2

Updated by Victor Julien 9 months ago

  • Related to Bug #3375: Tracking: file tracking/inspection performance issues added
Actions
Copy link
 #3

Updated by Victor Julien 8 months ago

  • Target version changed from 7.0.1 to 7.0.2
Actions
Copy link
 #4

Updated by Victor Julien 7 months ago

  • Target version changed from 7.0.2 to 7.0.3
Actions
Copy link
 #5

Updated by Victor Julien 6 months ago

  • Target version changed from 7.0.3 to 8.0.0-beta1
Actions
Copy link

Also available in: Atom PDF