Actions
Optimization #4141
closedTask #4143: tracking: file.data improvements
file.data: inspect File objects for HTTP
Effort:
Difficulty:
Label:
Description
file.data for HTTP currently inspects the HtpBody instead of File(s). These will usually contain the same data, except for the multipart case.
Switching to File(s) would make the implementation simpler and make the implementation more correct.
David Wharton and Jae Williams have offered to run test runs for their rule collections to validate that this change won't break anything.
Updated by Victor Julien almost 4 years ago
- Related to Task #4097: Suricon 2020 brainstorm added
Updated by Victor Julien almost 4 years ago
A possible optimization after this has been done, is that in most cases we might not need to track the HtpBody separately anymore.
Updated by Victor Julien about 2 years ago
- Priority changed from Normal to High
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien almost 2 years ago
- Priority changed from High to Normal
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Updated by Jeff Lucovsky over 1 year ago
- Status changed from Assigned to In Review
Updated by Victor Julien over 1 year ago
- Related to Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes) added
Updated by Victor Julien over 1 year ago
- Target version changed from 8.0.0-beta1 to 7.0.0
Updated by Victor Julien over 1 year ago
- Status changed from In Review to In Progress
- Target version changed from 7.0.0 to 8.0.0-beta1
Still too much to do, so moving to 8.
Current draft https://github.com/OISF/suricata/pull/9207
Updated by Victor Julien over 1 year ago
- Status changed from In Progress to Closed
- Target version changed from 8.0.0-beta1 to 7.0.0
Updated by Victor Julien over 1 year ago
- Related to Task #6217: research: increased tcp.overlap after file data changes added
Actions