[Oisf-devel] Question about address buffer limit error
Victor Julien
lists at inliniac.net
Mon Dec 19 18:22:36 UTC 2016

On 19-12-16 18:19, SJ Lee wrote:
> Hello team,
> I was trying to use a rule to check like below, but it failed with the
> error message below, which seems to say it does not have enough buffer size.
>
> Is there any way I can extend buffer size or to resolve this issue?
>
> ALL_IPS=(corp ip)+(prod ip)
> EXTERNAL="!$ALL_IPS"
>
> <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - Hit the
> address buffer limit for the supplied address. Invalidating sig.
> Please file a bug report on this

It's a hard limit in the code:
https://github.com/inliniac/suricata/blob/master/src/detect-engine-address.c#L825
You can try to increase it, but I think such rules are not going to be
very efficient.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------