Feature #3086

open

app_proto for Torrent traffic

Added by Kenneth Kolano about 3 years ago. Updated 15 days ago.

Status: In Review
Priority: Normal
Assignee:
Target version:
Effort: medium
Difficulty: medium
Label: Protocol

Description

Currently the app_proto registered for Torrent traffic is "failed". Can the detection be revised to detect Torrent traffic?

It should be identifiable by the payload prefix: "d1:ad2:id20:".
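A probe along the lines the description suggests, as an added example in Rust that is not code from the Suricata project or from the pull request mentioned in this ticket: it checks the quoted prefix and then, going beyond the ticket, verifies that the datagram is exactly one well-formed bencoded value, so a bare prefix match on unrelated traffic does not register. The function names, the nesting limit and the sample ping message are assumptions constructed for illustration.

```rust
// Added example, not Suricata code: probe a UDP payload for a BitTorrent DHT query.
const DHT_QUERY_PREFIX: &[u8] = b"d1:ad2:id20:"; // prefix quoted in the ticket

/// Skip one bencoded value starting at `pos`; return the index just past it.
fn skip_value(buf: &[u8], pos: usize, depth: u8) -> Option<usize> {
    if depth > 16 {
        return None; // assumed nesting limit, bounds recursion on hostile input
    }
    match *buf.get(pos)? {
        b'i' => {
            // integer: i<digits>e
            let end = pos + 1 + buf[pos + 1..].iter().position(|&b| b == b'e')?;
            let digits = &buf[pos + 1..end];
            let digits = digits.strip_prefix(b"-").unwrap_or(digits);
            (!digits.is_empty() && digits.iter().all(u8::is_ascii_digit)).then_some(end + 1)
        }
        b'l' | b'd' => {
            // list or dictionary: skip items until the closing 'e'
            let mut p = pos + 1;
            while *buf.get(p)? != b'e' {
                p = skip_value(buf, p, depth + 1)?;
            }
            Some(p + 1)
        }
        b'0'..=b'9' => {
            // byte string: <len>:<bytes>
            let colon = pos + buf[pos..].iter().position(|&b| b == b':')?;
            let len: usize = std::str::from_utf8(&buf[pos..colon]).ok()?.parse().ok()?;
            let end = (colon + 1).checked_add(len)?;
            (end <= buf.len()).then_some(end)
        }
        _ => None,
    }
}

/// True if `payload` starts with the ticket's prefix, has room for the 20-byte
/// node id, and is exactly one well-formed bencoded value.
fn probe_dht_query(payload: &[u8]) -> bool {
    payload.starts_with(DHT_QUERY_PREFIX)
        && payload.len() >= DHT_QUERY_PREFIX.len() + 20
        && skip_value(payload, 0, 0) == Some(payload.len())
}

fn main() {
    // Constructed sample: a DHT "ping" query with a placeholder node id.
    let ping = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe";
    println!("ping -> {}", probe_dht_query(ping));
    println!("prefix only -> {}", probe_dht_query(b"d1:ad2:id20:short"));
}
```

The dictionary branch skips keys and values as a flat sequence and does not check that keys are byte strings or sorted, which is enough for a detection probe but not for a full parser.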


Related issues 1 (1 open, 0 closed)

Related to Task #4151: Research: New protocol support (New, Community Ticket)
Actions #1

Updated by Andreas Herz about 3 years ago

  • Assignee set to Community Ticket
  • Target version set to TBD
  • Effort set to medium
  • Difficulty set to medium
Actions #2

Updated by Aaron Bungay over 1 year ago

Working on this.

Actions #3

Updated by Victor Julien over 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from Community Ticket to Aaron Bungay
Actions #4

Updated by Victor Julien over 1 year ago

Are you doing protocol detection only or a full parser?

Actions #5

Updated by Victor Julien over 1 year ago

  • Related to Task #4151: Research: New protocol support added
Actions #6

Updated by Aaron Bungay over 1 year ago

Victor Julien wrote in #note-4:

Are you doing protocol detection only or a full parser?

Doing a full parser in rust for the BitTorrent DHT protocol :)

Actions #7

Updated by Victor Julien over 1 year ago

  • Target version changed from TBD to 7.0rc1
  • Label Protocol added

Great!

Actions #8

Updated by Aaron Bungay over 1 year ago

Victor Julien wrote in #note-7:

Great!

PR created - https://github.com/OISF/suricata/pull/5809 :)

Actions #9

Updated by Victor Julien 15 days ago

  • Status changed from Assigned to In Review
  • Assignee changed from Aaron Bungay to Jason Ish
Actions #10

Updated by Victor Julien 15 days ago

  • Subject changed from app_proto for Torrent traffic? to app_proto for Torrent traffic