Bug #892
closed
detect-engine.profile - custom - does not err out in incorrect toclient/srv values - suricata.yaml
Added by Peter Manev over 11 years ago.
Updated almost 11 years ago.
Description
If in suricata.yaml we have ->
detect-engine:
  - profile: custom
  - custom-values:
      toclient-src-groups: BA
      toclient-dst-groups: 2
      toclient-sp-groups: 2
      toclient-dp-groups: 3
      toserver-src-groups: 2
      toserver-dst-groups: 4
      toserver-sp-groups: 2
      toserver-dp-groups: 25
  - sgh-mpm-context: auto
  - inspection-recursion-limit: 3000
Notice how above we have "toclient-src-groups: BA". Suricata does not err out on that during start up.
The issue is present on both 1.4.4 and git master 2.0dev (rev 055b422).
- Target version set to TBD
Unfortunately, the problem is more basic. I found that suricata doesn't recognize "toclient-src-groups", "toclient-dst-groups" and other names under the custom-values node!
This is because in the detect-engine.c code, the names for the related variables are set to "toclient_src_groups", "toclient_dst_groups" and so on. This means all the '_' characters in these parameters in the code must be changed to the '-' character.
It's somehow an unpleasant bug and should be fixed ASAP.
Following up on Amin's comment - yes, I agree it looks like a "small effort" and important fix. I think it should be pointed to Beta/RC/2.0.
The bigger part of the problem is actually that one cannot use the detect-engine custom profile as of now.
This feature can really help inspection on high traffic sensors with lots of RAM available.
- Status changed from New to Closed
- Assignee set to Victor Julien
- Target version changed from TBD to 2.0beta2
- % Done changed from 0 to 100
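The two failures reported above (a non-numeric value such as "BA" accepted silently, and key names spelled with '_' that never match the '-' names in suricata.yaml) can both be caught by a strict startup check. The following is an added example, not Suricata's own code: the function names, result codes and the 1..65535 range are assumptions of this sketch.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum cv_result { CV_OK = 0, CV_UNKNOWN_KEY = -1, CV_BAD_VALUE = -2 };

/* The eight custom-values keys exactly as written in suricata.yaml (hyphens). */
static const char *const cv_keys[] = {
    "toclient-src-groups", "toclient-dst-groups",
    "toclient-sp-groups",  "toclient-dp-groups",
    "toserver-src-groups", "toserver-dst-groups",
    "toserver-sp-groups",  "toserver-dp-groups",
};

/* Strictly parse a group count. Rejects "BA", "2x", "", signs, leading
 * whitespace, zero and overflow. The 1..USHRT_MAX range is an assumption. */
static int cv_parse_count(const char *s, unsigned *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s < '0' || *s > '9')   /* must start with a digit */
        return CV_BAD_VALUE;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 1 || v > USHRT_MAX)
        return CV_BAD_VALUE;                 /* trailing junk or out of range */
    *out = (unsigned)v;
    return CV_OK;
}

/* Validate one key/value pair from the custom-values node. A caller would
 * refuse to start on any non-zero result instead of silently using defaults. */
int cv_check(const char *key, const char *val, unsigned *out)
{
    size_t i;

    for (i = 0; i < sizeof(cv_keys) / sizeof(cv_keys[0]); i++) {
        if (strcmp(key, cv_keys[i]) == 0)
            return cv_parse_count(val, out);
    }
    return CV_UNKNOWN_KEY;   /* e.g. "toclient_src_groups" with underscores */
}
```

Reporting an unknown key as an error, rather than ignoring it, is what turns a silently disabled tuning profile into a visible startup failure.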