Actions
Feature #3887
closedyaml: Increase maximum size for address vars
Effort:
Difficulty:
Label:
Description
It appears the maximum length for an address var is 8192 bytes0 when dynamically generating lists for vars in large networks, it is easy to exceed this limit (especially with IPv6 network ranges). Can this be increased?
The only current workaround I'm aware of is to try to dynamically split lists and generate multiple vars which is... a bit unruly
[0] https://github.com/OISF/suricata/blob/master/src/detect-engine-address.c#L746
Updated by Victor Julien over 4 years ago
- Status changed from New to Assigned
- Assignee set to Jeff Lucovsky
- Target version set to 7.0.0-beta1
It would be nice if it can be made dynamic so there is no hardcoded limit.
Target is 7 for now. We can consider backporting if its not intrusive.
Updated by Jeff Lucovsky about 4 years ago
I suggest we cap the size allowed when permitting larger sizes.
The current (hard coded) limit is around 8k.
Suggestions for a reasonable upper bound?
Updated by Jeff Lucovsky about 4 years ago
- Status changed from Assigned to In Review
Updated by Jason Ish about 4 years ago
- Related to Bug #2190: apparent 1000 character limit in threshold.conf IP lists added
Updated by Jason Ish about 4 years ago
- Related to Task #4097: Suricon 2020 brainstorm added
Updated by Victor Julien about 4 years ago
- Subject changed from Increase maximum size for address vars to yaml: Increase maximum size for address vars
Updated by Jeff Lucovsky over 3 years ago
- Status changed from In Review to Closed
Actions