From: Jason Ish Date: Thu, 7 Apr 2022 21:58:58 +0000 (-0600) Subject: doc/userguide: document ftp max-line-length X-Git-Tag: suricata-5.0.9~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2da5e86ea9315ad876e50bb95dcb8be70f959b5;p=thirdparty%2Fsuricata.git doc/userguide: document ftp max-line-length (cherry picked from commit 7d6bc60abb6eefce3f0d20222b2a843de9ea5a6e) --- diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 6ad1dd3ad4..21fd4ac031 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -1326,6 +1326,31 @@ Limit for the maximum number of asn1 frames to decode (default 256): asn1_max_frames: 256 +.. _suricata-yaml-configure-ftp: + +FTP +~~~ + +The FTP application layer parser is enabled by default and uses dynamic protocol +detection. + +By default, FTP control channel commands and responses are limited to 4096 +bytes, but this value can be changed. When a command request or response exceeds +the line length limit, the stored data will be truncated, however the parser +will continue to watch for the end of line and acquire the next command. +Commands that are truncated will be noted in the *eve* log file with the fields +``command_truncated`` or ``reply_truncated``. Please note that this affects the +control messages only, not FTP data (file transfers). + + :: + + ftp: + enabled: yes + #memcap: 64mb + + # Maximum line length for control messages before they will be truncated. + #max-line-length: 4kb + .. _suricata-yaml-configure-libhtp: Configure HTTP (libhtp) diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index c2031afbf0..78bbd0b88e 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -30,6 +30,9 @@ by the ones Suricata supplies. Major updates include new features, new default settings and often also remove features. +Upgrading from 5.0.[0-8] to 5.0.9 +---------------------------------- +- FTP has been updated with a maximum command request and response line length of 4096 bytes. To change the default see :ref:`suricata-yaml-configure-ftp`. Upgrading 4.1 to 5.0 --------------------