Task #3559: http: support GAP recovery - Suricata - Open Information Security Foundation

Actions

Task #3559

closed

Task #3553: Tracking: enable GAP recovery for all TCP app-layer protocols

http: support GAP recovery

Added by Victor Julien over 5 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Effort:

Difficulty:

Label:

Protocol

Description

In HTTP we can deal with GAPs in various ways

if there is a content length set and we are in the body parsing, we can simply skip this part of the body. For file extraction the SMB parser can serve as an example
it would be useful to be able to communicate the CL to the stream engine so we might know where the next record/tx starts.
bruteforce search for the next record/tx as a fallback

Related issues 1 (0 open — 1 closed)

Actions

#1

Updated by Victor Julien over 5 years ago

Description updated (diff)
Status changed from New to Assigned
Assignee set to Philippe Antoine
Target version set to 6.0.0beta1
Label Protocol added

Actions

#2

Updated by Philippe Antoine over 5 years ago

Status changed from Assigned to In Review

https://github.com/OISF/suricata/pull/4951
https://github.com/OISF/libhtp/pull/296

Actions

#3

Updated by Philippe Antoine over 5 years ago

Blocks Task #3824: libhtp 0.5.34 added

Actions

#4

Updated by Victor Julien about 5 years ago

Target version changed from 6.0.0beta1 to 6.0.0rc1

Actions

#5

Updated by Victor Julien about 5 years ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/5172

Actions

Also available in: Atom PDF