[Oisf-users] Suricata 4.0.0 - bypass/performance issue

Victor Julien lists at inliniac.net
Thu Jul 20 08:32:49 UTC 2017


On 20-07-17 10:26, Victor Julien wrote:
> On 19-07-17 17:27, Martin Petracek wrote:
>> Oh, I should also mention that I'm using suricata without any rules,
>> just to perform deep-packet-inspection and get HTTP/TLS/DNS information.
>> I'm getting these information still, even with this patch. I think the
>> information drop could be important with some rules.
> 
> Are you using --disable-detection?
> 
> If so, could you test the vanilla source with -S /dev/null instead? I
> think there may be a dependency on the detection engine.
> 

Also separately could you add this commandline option and see if it has
any effect?

--set stream.reassembly.raw=false

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170720/791525d7/attachment-0002.sig>


More information about the Oisf-users mailing list