[Oisf-devel] Oisf-devel Digest, Vol 102, Issue 4

Hwang In Chan neogeoss1 at gmail.com
Mon Jun 18 11:29:17 UTC 2018


OK, we gave up on Suricata 3 coding. We appreciate your recommendation.

2018-06-16 21:00 GMT+09:00 <oisf-devel-request at lists.openinfosecfoundation.org>:

> Today's Topics:
>
>    1. Re: Pcap file open issue with Suricata 3 (Andreas Herz)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 15 Jun 2018 22:30:48 +0200
> From: Andreas Herz <andi at geekosphere.org>
> To: oisf-devel at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-devel] Pcap file open issue with Suricata 3
> Message-ID: <20180615203048.GL3167 at ns333105.ip-37-187-125.eu>
> Content-Type: text/plain; charset=utf-8
>
> On 12/06/18 at 14:32, Hwang In Chan wrote:
> > Hello!
> >
> > I am working on Suricata 3 source code to add an additional feature to it.
> >
> > I know Suricata 3 reads a pcap file in the command line.
> >
> > We added another function to extract eml files when it reads Pcap in the
> > command line.
> >
> > <https://github.com/CPP-CProgramming/Suricata/blob/master/src/app-layer-smtp.c#L1613-L1619>
> >
> > <https://github.com/CPP-CProgramming/Suricata/blob/master/src/util-file.c#L780>
> >
> > However, it shows an abnormal behavior when it reads a Pcap file.
> >
> > <https://drive.google.com/file/d/1TpQnZJyTgCilKPV4H4l-Z43P2EUPW6Kg/view?usp=drive_web>
> >
> > If it reads 200 eml files out of pcap file, it only writes 191 files.
> >
> > It does not read and write all the files out of Pcap, but misses some files.
> >
> > We believe that this issue disappeared in Suricata 4.
>
> Can you try to reproduce it with most recent versions of suricata?
>
> --
> Andreas Herz