I’m wondering if the code for setting these is intentional/correct… (running 6.0.2 code, but also seen in master)
What I see is that AppLayerParserPostStreamSetup() sets all the stream depths to the reassembly depth config by default.
But then some protocols, namely smb and modbus, have their own stream_depth configs, and override this value.
This seems fine if the value is actually explicitly set in the yaml config… but if it’s not, I feel like the default (using the reassembly depth) is actually better.
Instead, though, if the config value is omitted from the yaml, then these stream depths get overwritten with 0 (unlimited).
I’m wondering if these protocols should be changed to only override the stream_depth if it’s explicitly provided in the yaml config?