Project

General

Profile

Actions

Task #6217

open

research: increased tcp.overlap after file data changes

Added by Victor Julien over 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata/pull/9237 reports 8% more overlaps, which could be an indication that stream data is buffered slightly longer.
This is happening after file prune handling is updated, so might be related to that.


Related issues 3 (1 open2 closed)

Related to Suricata - Optimization #4141: file.data: inspect File objects for HTTPClosedJeff LucovskyActions
Related to Suricata - Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)ClosedJeff LucovskyActions
Related to Suricata - Bug #3375: Tracking: file tracking/inspection performance issuesNewVictor JulienActions
Actions #1

Updated by Victor Julien over 1 year ago

  • Related to Optimization #4141: file.data: inspect File objects for HTTP added
  • Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added
Actions #2

Updated by Victor Julien over 1 year ago

  • Related to Bug #3375: Tracking: file tracking/inspection performance issues added
Actions #3

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.1 to 7.0.2
Actions #4

Updated by Victor Julien about 1 year ago

  • Target version changed from 7.0.2 to 7.0.3
Actions #5

Updated by Victor Julien about 1 year ago

  • Target version changed from 7.0.3 to 8.0.0-beta1
Actions

Also available in: Atom PDF