Project

General

Profile

Actions

Bug #7903

closed

App layer protocols do not support new kibi-byte units in memcap (e.g. "64 MiB")

Added by Christian Prähauser 23 days ago. Updated 7 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

App layer protocols do not support new kibi-byte units in memcap.

Examples are "app-layer.protocols.ftp.memcap" and "app-layer.protocols.mqtt.max-msg-length".
Un-commenting the default value leads to error (see below).

ftp:
      enabled: yes
      memcap: 64 MiB

Leads to <Error> -- Invalid value for websocket.max-payload-size

Same for "mqtt.max-msg-length":

mqtt:
      enabled: yes
      max-msg-length: 1 MiB

Leads to <Error> -- Invalid value for mqtt.max-msg-length: 1 MiB

I think this is because the Rust get_memunit() function does not know the new suffixes.
See https://github.com/OISF/suricata/blob/e62eb004599ec500aeacfa7150b0dbca19f0a0fb/rust/src/conf.rs#L183

Actions #1

Updated by Christian Prähauser 23 days ago

Further, "app-layer.protocols.websocket.max-payload-size" does not support mem size units at all despite mentioning it in the config template:

   websocket:
      #enabled: yes
      # Maximum used payload size, the rest is skipped
      # Also applies as a maximum for uncompressed data
      # max-payload-size: 64 KiB

Un-commenting "max-payload-size" leads to Invalid value for websocket.max-payload-size.

Actions #2

Updated by Jeff Lucovsky 8 days ago

  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions #3

Updated by Jeff Lucovsky 7 days ago

  • Status changed from In Progress to Closed
Actions

Also available in: Atom PDF