Bug #3375

open

Tracking: file tracking/inspection performance issues

Added by Victor Julien almost 5 years ago. Updated over 1 year ago.

Status: New
Priority: Normal

Description

In certain cases we can see the PrefilterTxFiledata at the top of perf measurements. This has uncovered various issues:

  • SMTP: tx id not set on files
  • SMTP: 'raw-message' as files support doesn't set files up properly
  • SMB: post-GAP we can have dangling txs that are neither updated nor closed
  • HTTP: pipelining requests can operate on wrong files (and set events in wrong tx)


Related issues 16 (1 open, 15 closed)

Related to Suricata - Bug #3376: http: pipelining tx id handling broken (Closed; Victor Julien)
Related to Suricata - Bug #3397: smtp: file tracking issues when more than one attachment in a tx (Closed; Victor Julien)
Related to Suricata - Bug #3398: smtp: 'raw-message' option file tracking issues with multi-tx (Closed; Victor Julien)
Related to Suricata - Bug #3399: smb: post-GAP some transactions never close (Closed; Victor Julien)
Related to Suricata - Bug #3400: smb: post-GAP file tx handling (Closed; Victor Julien)
Related to Suricata - Bug #3401: smb1: 'event only' transactions for bad requests never close (Closed; Victor Julien)
Related to Suricata - Bug #3393: http: pipelining tx id handling broken (4.1.x) (Closed; Victor Julien)
Related to Suricata - Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x) (Closed; Victor Julien)
Related to Suricata - Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x) (Closed; Victor Julien)
Related to Suricata - Bug #3402: smb: post-GAP some transactions never close (4.1.x) (Closed; Victor Julien)
Related to Suricata - Bug #3424: nfs: post-GAP some transactions never close (Closed; Victor Julien)
Related to Suricata - Bug #3425: nfs: post-GAP file tx handling (Closed; Victor Julien)
Related to Suricata - Bug #3699: smb: post-GAP file handling (Closed; Victor Julien)
Related to Suricata - Bug #3700: nfs: post-GAP file handling (Closed; Victor Julien)
Related to Suricata - Task #4444: files: store files in transactions instead of per flow state (Closed; Victor Julien)
Related to Suricata - Task #6217: research: increased tcp.overlap after file data changes (New; Victor Julien)

#1

Updated by Victor Julien almost 5 years ago

  • Affected Versions 4.1.5, 5.0.0 added
#2

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3376: http: pipelining tx id handling broken added
#3

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3397: smtp: file tracking issues when more than one attachment in a tx added
#4

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3398: smtp: 'raw-message' option file tracking issues with multi-tx added
#5

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3399: smb: post-GAP some transactions never close added
#6

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3400: smb: post-GAP file tx handling added
#7

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3401: smb1: 'event only' transactions for bad requests never close added
#8

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3393: http: pipelining tx id handling broken (4.1.x) added
#9

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x) added
#10

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x) added
#11

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3402: smb: post-GAP some transactions never close (4.1.x) added
#12

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3424: nfs: post-GAP some transactions never close added
#13

Updated by Victor Julien almost 5 years ago

  • Related to Bug #3425: nfs: post-GAP file tx handling added
#14

Updated by Victor Julien over 4 years ago

  • Related to Bug #3699: smb: post-GAP file handling added
#15

Updated by Victor Julien over 4 years ago

  • Related to Bug #3700: nfs: post-GAP file handling added
#16

Updated by Victor Julien over 3 years ago

  • Related to Task #4444: files: store files in transactions instead of per flow state added
#17

Updated by Philippe Antoine over 1 year ago

  • Target version set to 7.0.0

@Victor Julien every linked issue is closed, can this old tracking get closed as well?

#18

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.0 to 7.0.1
#19

Updated by Victor Julien over 1 year ago

  • Related to Task #6217: research: increased tcp.overlap after file data changes added
#20

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.1 to 8.0.0-beta1