Bug #7903
closedApp layer protocols do not support new kibi-byte units in memcap (e.g. "64 MiB")
Description
App layer protocols do not support new kibi-byte units in memcap.
Examples are "app-layer.protocols.ftp.memcap" and "app-layer.protocols.mqtt.max-msg-length".
Un-commenting the default value leads to error (see below).
ftp:
enabled: yes
memcap: 64 MiB
Leads to <Error> -- Invalid value for websocket.max-payload-size
Same for "mqtt.max-msg-length":
mqtt:
enabled: yes
max-msg-length: 1 MiB
Leads to <Error> -- Invalid value for mqtt.max-msg-length: 1 MiB
I think this is because the Rust get_memunit() function does not know the new suffixes.
See https://github.com/OISF/suricata/blob/e62eb004599ec500aeacfa7150b0dbca19f0a0fb/rust/src/conf.rs#L183
Updated by Christian Prähauser 23 days ago
Further, "app-layer.protocols.websocket.max-payload-size" does not support mem size units at all despite mentioning it in the config template:
websocket:
#enabled: yes
# Maximum used payload size, the rest is skipped
# Also applies as a maximum for uncompressed data
# max-payload-size: 64 KiB
Un-commenting "max-payload-size" leads to Invalid value for websocket.max-payload-size.
Updated by Jeff Lucovsky 8 days ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Jeff Lucovsky
Updated by Jeff Lucovsky 7 days ago
- Status changed from In Progress to Closed