TW Thomas Winter
- Login: thomaswinter1
- Registered on: 04/25/2023
- Last sign in: 04/07/2026
Issues
| open | closed | Total | |
|---|---|---|---|
| Assigned issues | 1 | 3 | 4 |
| Reported issues | 2 | 4 | 6 |
Projects
| Project | Roles | Registered on |
|---|---|---|
| Suricata | Developer | 08/08/2023 |
| Suricata-Update | Developer | 08/08/2023 |
Activity
12/16/2025
- TW 02:16 AM Suricata Bug #8165: FTP data is not blocked with drop rule and filemd5 match
- A potential problem is FTPDataStateGetTxFiles and FTPDataGetAlstateProgress do
12/14/2025
- TW 07:41 PM Suricata Bug #8165: FTP data is not blocked with drop rule and filemd5 match
- Forgot to say, the same file over http and smtp is properly blocked where the data packet is dropped.
12/12/2025
- TW 04:20 AM Suricata Bug #8165 (New): FTP data is not blocked with drop rule and filemd5 match
- Running suricata in IPS mode with a ftp-data drop rule to match on MD5. The event is alerted and with a drop rule, logging claims it is dropped but the FTP data packet gets through and the ftp client gets the file. The next TCP acks are ...
07/21/2025
- TW 11:08 PM Suricata Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
- Hi, I have made suricata-verify PR that contains a pcap I captured myself https://github.com/OISF/suricata-verify/pull/2607
I'll also make a suricata PR with the changes I made there. https://github.com/OISF/suricata/pull/13623
04/13/2025
- TW 11:54 PM Suricata Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
- Locally I have made DecodePPPUncompressedProto and DecodePPPOESession just return TM_ECODE_OK for the following protocols IDs which should be expected in a PPP connection:
+ case PPP_IPCP:
+ case PPP_IPV6CP:
+ cas...
04/09/2025
- TW 03:05 AM Suricata Bug #7651 (Closed): decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
- After upgrading from suricata 7.0.6 to 7.0.8, we found that PPP packets were getting dropped.
The packets were getting marked as PPP_UNSUP_PROTO in DecodePPPOESession. If rules are configured as drop then the packets now get dropped.
I...
12/21/2023
- TW 11:35 PM Suricata Documentation #6552: doc: add tcp timeout fix to upgrade guide
- Should use "emergency-closed" not "emergency_closed" otherwise you get a deprecated warning log.
12/06/2023
- TW 08:30 PM Suricata Documentation #6552: doc: add tcp timeout fix to upgrade guide
- Feel free to close this now.
11/27/2023
- TW 04:07 AM Suricata Documentation #6552: doc: add tcp timeout fix to upgrade guide
- The cause was this patch c50ef8cc21 ("flow: fix TCP closed default initialization") which increased the timeout for TCP sessions in the closed state which caused flows to hang around longer causing elevated memuse which previously would ...
11/24/2023
- TW 04:36 AM Suricata Documentation #6552: doc: add tcp timeout fix to upgrade guide
- The streamingBuffer rework seems to be a red herring. I think it just increased memuse just enough to hit the memcap. There seems to be a large change in usage between 5.0.0 and 6.0.0 - I am performing another git bisect.