Project

General

Profile

Actions
Copy link

Task #3559

closed

Task #3553: Tracking: enable GAP recovery for all TCP app-layer protocols

http: support GAP recovery

Added by Victor Julien over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.0rc1
Effort:
Difficulty:
Label:
Protocol

Description

In HTTP we can deal with GAPs in various ways

  1. if there is a content length set and we are in the body parsing, we can simply skip this part of the body. For file extraction the SMB parser can serve as an example
  2. it would be useful to be able to communicate the CL to the stream engine so we might know where the next record/tx starts.
  3. bruteforce search for the next record/tx as a fallback

Related issues 1 (0 open1 closed)

Blocks Suricata - Task #3824: libhtp 0.5.34ClosedPhilippe AntoineActions
Actions
Copy link

Also available in: Atom PDF