Bug #6423: detect-filesize no longer supports units in value - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6423

closed

detect-filesize no longer supports units in value

Added by tug tugtug about 1 year ago. Updated 4 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.3

Affected Versions:

7.0.2

Effort:

Difficulty:

Label:

Description

We're upgrading our server from 6 to 7, and discovered that some rules now fail to load.
We narrowed it down to the ones with filesize keyword.
It seems the pre-7 suricata supports syntax like filesize:>1MB, and now it fails silently. Further debugging has shown `DetectU64Parse` in `DetectFilesizeSetup` thinks the value is not a valid number.
We should either update documentation to deprecate the support of units, as it is a broken change, or fix this issue in 7.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6423

detect-filesize no longer supports units in value

Updated by Victor Julien about 1 year ago

Updated by Philippe Antoine 12 months ago

Updated by Philippe Antoine 12 months ago

Updated by Philippe Antoine 4 months ago

Updated by Philippe Antoine 4 months ago