Actions
Optimization #4318
open
SB
OD
app-layer: "close" all txs if protocol reaches error state
Optimization #4318:
app-layer: "close" all txs if protocol reaches error state
Description
Currently, in case there was a mis-detection of protocol or something led to incomplete data error in a protocol parser, the cleanup is not done properly.
Victor says "we should have logic that "closes" all txs (marks them as done), or handle this in the lower layers"
This came up when DCE/RPC over UDP packet was misdetected as Wireguard protocol and took too much of processing power.
VJ Updated by Victor Julien about 5 years ago
- Subject changed from Logic that "closes" all txs to app-layer: "close" all txs if protocol reaches error state
VJ Updated by Victor Julien over 4 years ago
- Assignee changed from Victor Julien to Philippe Antoine
PA Updated by Philippe Antoine over 4 years ago
- Status changed from Assigned to In Review
PA Updated by Philippe Antoine over 4 years ago
When an error is returned by an app-layer parser over UDP, nothing happens (the return value of AppLayerHandleUdp is ignored)
There is no equivalent of STREAMTCP_FLAG_APP_LAYER_DISABLED
Should we do something ?
PA Updated by Philippe Antoine over 3 years ago
- Priority changed from Normal to Low
- Effort set to high
- Difficulty set to high
PA Updated by Philippe Antoine over 3 years ago
- Target version changed from 7.0.0-beta1 to TBD
PA Updated by Philippe Antoine over 3 years ago
- Status changed from In Review to Assigned
PA Updated by Philippe Antoine over 3 years ago
- Assignee changed from Philippe Antoine to OISF Dev
Not sure what the best way to deal with this is, and this seems high effort and low priority to get it right...
Actions