Project

General

Profile

Actions

Task #6217

open

research: increased tcp.overlap after file data changes

Added by Victor Julien 11 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata/pull/9237 reports 8% more overlaps, which could be an indication that stream data is buffered slightly longer.
This is happening after file prune handling is updated, so might be related to that.


Related issues 3 (1 open2 closed)

Related to Suricata - Optimization #4141: file.data: inspect File objects for HTTPClosedJeff LucovskyActions
Related to Suricata - Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)ClosedJeff LucovskyActions
Related to Suricata - Bug #3375: Tracking: file tracking/inspection performance issuesNewVictor JulienActions
Actions #1

Updated by Victor Julien 11 months ago

  • Related to Optimization #4141: file.data: inspect File objects for HTTP added
  • Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added
Actions #2

Updated by Victor Julien 10 months ago

  • Related to Bug #3375: Tracking: file tracking/inspection performance issues added
Actions #3

Updated by Victor Julien 9 months ago

  • Target version changed from 7.0.1 to 7.0.2
Actions #4

Updated by Victor Julien 8 months ago

  • Target version changed from 7.0.2 to 7.0.3
Actions #5

Updated by Victor Julien 6 months ago

  • Target version changed from 7.0.3 to 8.0.0-beta1
Actions

Also available in: Atom PDF