Task #6217: research: increased tcp.overlap after file data changes - Suricata - Open Information Security Foundation

Actions

Copy link

Task #6217

open

research: increased tcp.overlap after file data changes

Added by Victor Julien over 1 year ago. Updated 12 months ago.

Status:

New

Priority:

Normal

Assignee:

Victor Julien

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Description

https://github.com/OISF/suricata/pull/9237 reports 8% more overlaps, which could be an indication that stream data is buffered slightly longer.
This is happening after file prune handling is updated, so might be related to that.

Related issues 3 (1 open — 2 closed)

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Related to Suricata - Optimization #4141: file.data: inspect File objects for HTTP	Closed	Jeff Lucovsky	Actions
Related to Suricata - Bug #5868: filestore: not saving files when filestore enabled by rule matching on file_data (instead saves 0 bytes)	Closed	Jeff Lucovsky	Actions
Related to Suricata - Bug #3375: Tracking: file tracking/inspection performance issues	New	Victor Julien	Actions

Project

General

Profile

Suricata

Custom queries

Task #6217

research: increased tcp.overlap after file data changes

Updated by Victor Julien over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien about 1 year ago

Updated by Victor Julien about 1 year ago

Updated by Victor Julien 12 months ago