Actions
Bug #961
closedmax pending packets variable parsing
Affected Versions:
Effort:
Difficulty:
Label:
Description
During some tests I have noticed that Suricata parses all the yaml variable in a particular way:
If the variable is lexically correct - no problem. If it is not Suricata silently defaults to the default value.
I did some more test with 1.4.5 and latest git on more yaml variable
and the results are generally the same. One such example -
max-pending-packets: 4096o
Notice the wrongly put letter "O" instead of zero "0" at the end. In this cases Suricata silently defaults to the default 1024 packets.
value: <Info> - preallocated 1024 packets. Total memory 4362240
I believe this is a general issue with most of the variable parsing from suricata.yaml
Thanks
Actions