From 7d6bc60abb6eefce3f0d20222b2a843de9ea5a6e Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 7 Apr 2022 15:58:58 -0600 Subject: [PATCH] doc/userguide: document ftp max-line-length --- doc/userguide/configuration/suricata-yaml.rst | 25 +++++++++++++++++++ doc/userguide/upgrade.rst | 1 + 2 files changed, 26 insertions(+) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 9938cb5298..f4783199fa 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -1150,6 +1150,31 @@ Limit for the maximum number of asn1 frames to decode (default 256): asn1_max_frames: 256 +.. _suricata-yaml-configure-ftp: + +FTP +~~~ + +The FTP application layer parser is enabled by default and uses dynamic protocol +detection. + +By default, FTP control channel commands and responses are limited to 4096 +bytes, but this value can be changed. When a command request or response exceeds +the line length limit, the stored data will be truncated, however the parser +will continue to watch for the end of line and acquire the next command. +Commands that are truncated will be noted in the *eve* log file with the fields +``command_truncated`` or ``reply_truncated``. Please note that this affects the +control messages only, not FTP data (file transfers). + + :: + + ftp: + enabled: yes + #memcap: 64mb + + # Maximum line length for control messages before they will be truncated. + #max-line-length: 4kb + .. _suricata-yaml-configure-libhtp: Configure HTTP (libhtp) diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 10c9577ec2..cece4186f7 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst 
@@ -52,6 +52,7 @@ Other changes ~~~~~~~~~~~~~ - NSS is no longer required. File hashing and JA3 can now be used without the NSS compile time dependency. - If installing Suricata without the bundled Suricata-Update, the ``default-rule-path`` has been changed from ``/etc/suricata/rules`` to ``/var/lib/suricata/rules`` to be consistent with Suricata when installed with Suricata-Update. +- FTP has been updated with a maximum command request and response line length of 4096 bytes. To change the default see :ref:`suricata-yaml-configure-ftp`. Logging changes ~~~~~~~~~~~~~~~
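Review bot: In the new FTP section of suricata-yaml.rst, the sentence introducing ``command_truncated`` and ``reply_truncated`` does not say which field is set for an over-long request and which for an over-long response, or what value the field carries. Stating this explicitly would let people write log queries without guessing. The sample block also shows ``#memcap: 64mb``, which the surrounding prose never explains; either add a sentence on it or drop it from the example. The text says the 4096-byte limit "can be changed" but gives no accepted units or bounds for ``max-line-length``. Minor style point: "the stored data will be truncated, however the parser will continue" is a comma splice and reads better as two sentences or with a semicolon before "however".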
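Review bot: The new bullet under "Other changes" in upgrade.rst states the 4096-byte limit but not the consequence. The configuration section added in this same patch says over-long lines are truncated and flagged in the eve log with ``command_truncated`` or ``reply_truncated``. That is what someone upgrading needs to know, because it changes what is stored and logged for long FTP control lines. Suggest adding a short clause to that effect, and a comma after "To change the default".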