Task #6217: research: increased tcp.overlap after file data changes - Suricata - Open Information Security Foundation

Actions

Copy link

Task #6217

open

VJ VJ

research: increased tcp.overlap after file data changes

Task #6217: research: increased tcp.overlap after file data changes

Added by Victor Julien almost 3 years ago. Updated 6 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

Victor Julien

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

https://github.com/OISF/suricata/pull/9237 reports 8% more overlaps, which could be an indication that stream data is buffered slightly longer.
This is happening after file prune handling is updated, so might be related to that.

Related issues 3 (1 open — 2 closed)

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#1

Related to Optimization #4141: file.data: inspect File objects for HTTP added
Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#2

Related to Bug #3375: tracking: file tracking/inspection performance issues added

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#3

Target version changed from 7.0.1 to 7.0.2

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#4

Target version changed from 7.0.2 to 7.0.3

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#5

Target version changed from 7.0.3 to 8.0.0-beta1

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
#6

Target version changed from 8.0.0-beta1 to 9.0.0-beta1

VJ Updated by Victor Julien 6 months ago Actions
Copy link
#7

Status changed from New to Assigned

Actions

Copy link

Also available in: PDF Atom

Related to Suricata - Optimization #4141: file.data: inspect File objects for HTTP	Closed	Jeff Lucovsky	Actions
Related to Suricata - Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)	Closed	Jeff Lucovsky	Actions
Related to Suricata - Bug #3375: tracking: file tracking/inspection performance issues	Assigned	Victor Julien	Actions

Project

General

Profile

Suricata

Custom queries

Task #6217

research: increased tcp.overlap after file data changes

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#3

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
#6

VJ Updated by Victor Julien 6 months ago Actions
Copy link
#7

Project

General

Profile

Suricata

Custom queries

Task #6217

research: increased tcp.overlap after file data changes

VJ Updated by Victor Julien almost 3 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #3

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #4

VJ Updated by Victor Julien over 2 years ago ActionsCopy link #5

VJ Updated by Victor Julien over 1 year ago ActionsCopy link #6

VJ Updated by Victor Julien 6 months ago ActionsCopy link #7

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#3

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
#6

VJ Updated by Victor Julien 6 months ago Actions
Copy link
#7