mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7a29aa116e
In some conditions, if stream.reassembly.depth is greater than
request/response-body-limit size, the logging output is wrong
if filestore keyword is used with http.
For example, we get:
{... "app_proto":"http","fileinfo":{"filename":"\/file.pdf","state":"CLOSED","stored":false,"size":1049292,"tx_id":0}}
"state":"CLOSED","stored":false should be "state":"TRUNCATED","stored":true.
This happens because the file state and file flags,
which is the information that determine a correct output,
are not set properly since a file is logged before and then closed (HTPFileClose).
The logic of this patch is to close a file when we are above
the limits, such that the proper state and flags can be set
and the file will be logged correctly.
|
10 years ago | |
|---|---|---|
| benches | ||
| contrib | 11 years ago | |
| doc | 11 years ago | |
| lua | 11 years ago | |
| m4 | 16 years ago | |
| qa | 10 years ago | |
| rules | 11 years ago | |
| scripts | 10 years ago | |
| src | 10 years ago | |
| .gitignore | 13 years ago | |
| .travis.yml | 10 years ago | |
| COPYING | 10 years ago | |
| ChangeLog | 10 years ago | |
| LICENSE | 10 years ago | |
| Makefile.am | 11 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | 13 years ago | |
| classification.config | 16 years ago | |
| config.rpath | 13 years ago | |
| configure.ac | 10 years ago | |
| doxygen.cfg | 12 years ago | |
| reference.config | 11 years ago | |
| suricata.yaml.in | 10 years ago | |
| threshold.config | 13 years ago | |