Feature #3086

app_proto for Torrent traffic?

Added by Kenneth Kolano almost 2 years ago. Updated 5 months ago.

Status: Assigned
Priority: Normal
Assignee:
Target version:
Effort: medium
Difficulty: medium
Label: Protocol

Description

Currently the app_proto registered for Torrent traffic is "failed". Can the detection be revised to detect Torrent traffic?

It should be identifiable by the payload prefix: "d1:ad2:id20:".
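An added example, not part of the ticket and not Suricata's or the PR's code: the prefix above is the start of a bencoded BitTorrent DHT (BEP 5) query, and this sketch compares a prefix-only probe with a minimal structural check that reads the message type from the "y" key. It goes beyond the prefix by also classifying responses and errors, which do not begin with "d1:ad2:id20:"; the names `probe_prefix`, `classify` and `Krpc` are hypothetical, and the sample payload is constructed from the BEP 5 ping example.

```rust
// Added example, not Suricata's parser; names are hypothetical, payload is constructed.
#[derive(Debug, PartialEq)]
pub enum Krpc { Query, Response, Error }
/// The ticket's prefix: dict, key "a" -> dict, key "id" -> 20-byte string.
pub fn probe_prefix(p: &[u8]) -> bool { p.starts_with(b"d1:ad2:id20:") }

/// Read one bencoded string ("<len>:<bytes>") at `pos`; return it and the next offset.
fn bstr(p: &[u8], pos: usize) -> Option<(&[u8], usize)> {
    let colon = pos + p.get(pos..)?.iter().position(|&b| b == b':')?;
    let digits = std::str::from_utf8(&p[pos..colon]).ok()?;
    if digits.is_empty() || !digits.bytes().all(|b| b.is_ascii_digit()) { return None; }
    let end = (colon + 1).checked_add(digits.parse::<usize>().ok()?)?;
    Some((p.get(colon + 1..end)?, end)) // None if the declared length overruns the payload
}

/// Skip one bencoded value at `pos`; `depth` bounds nesting so hostile input cannot recurse deeply.
fn skip(p: &[u8], pos: usize, depth: u8) -> Option<usize> {
    match *p.get(pos)? {
        b'i' => Some(pos + 2 + p[pos + 1..].iter().position(|&b| b == b'e')?),
        b'l' | b'd' if depth > 0 => {
            let mut i = pos + 1;
            while *p.get(i)? != b'e' { i = skip(p, i, depth - 1)?; }
            Some(i + 1)
        }
        b'0'..=b'9' => bstr(p, pos).map(|(_, next)| next),
        _ => None,
    }
}

/// Walk the top-level dictionary and classify the message by its "y" key.
pub fn classify(p: &[u8]) -> Option<Krpc> {
    if *p.first()? != b'd' { return None; }
    let mut i = 1;
    while *p.get(i)? != b'e' {
        let (key, val) = bstr(p, i)?;
        if key == b"y" {
            return match bstr(p, val)?.0 {
                b"q" => Some(Krpc::Query), b"r" => Some(Krpc::Response),
                b"e" => Some(Krpc::Error), _ => None,
            };
        }
        i = skip(p, val, 8)?; // every value before "y" must be well-formed
    }
    None
}

fn main() {
    let q = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"; // constructed: BEP 5 ping
    println!("prefix={} parsed={:?}", probe_prefix(q), classify(q));
}
```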


Related issues

Related to Task #4151: Research: New protocol support (New, Community Ticket)
#1

Updated by Andreas Herz almost 2 years ago

  • Assignee set to Community Ticket
  • Target version set to TBD
  • Effort set to medium
  • Difficulty set to medium
#2

Updated by Aaron Bungay 7 months ago

Working on this.

#3

Updated by Victor Julien 7 months ago

  • Status changed from New to Assigned
  • Assignee changed from Community Ticket to Aaron Bungay
#4

Updated by Victor Julien 7 months ago

Are you doing protocol detection only or a full parser?

#5

Updated by Victor Julien 7 months ago

  • Related to Task #4151: Research: New protocol support added
#6

Updated by Aaron Bungay 7 months ago

Victor Julien wrote in #note-4:

Are you doing protocol detection only or a full parser?

Doing a full parser in rust for the BitTorrent DHT protocol :)

#7

Updated by Victor Julien 7 months ago

  • Target version changed from TBD to 7.0rc1
  • Label Protocol added

Great!

#8

Updated by Aaron Bungay 5 months ago

Victor Julien wrote in #note-7:

Great!

PR created - https://github.com/OISF/suricata/pull/5809 :)
