Feature #4854
openFeature #4566: pgsql: add subprotocol-states
pgsql: Add COPY subprotocol-state
Description
When the postgresql backend sends or receives the following commands:
- "COPY FROM STDIN"
- "COPY TO STDOUT"
It enters the COPY subprotocol-state, which comprises a different set of messages.
Currently, if Suri has the pgsql app-layer enabled and sees one of those messages, it doesn't know what to do and stops parsing pgsql messages from that flow altogether, afterwards.
PostgreSQL documentation: https://www.postgresql.org/docs/14/protocol-flow.html#PROTOCOL-COPY
Files
Updated by Juliana Fajardini Reichow over 3 years ago
- Subject changed from PGSQL app-layer-parser: Add COPY subprotocol to PGSQL app-layer-parser: Add COPY subprotocol-state
- Description updated (diff)
Updating this to better word that these are postgresql subprotocols, which are somewhat interpreted as sub-states, by Suri.
Updated by Victor Julien over 3 years ago
- Subject changed from PGSQL app-layer-parser: Add COPY subprotocol-state to pgsql: Add COPY subprotocol-state
Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Updated by Juliana Fajardini Reichow 8 days ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow 8 days ago · Edited
The COPY operations can be split into three different modes (cf https://www.postgresql.org/docs/13/protocol-flow.html#PROTOCOL-COPY):
- Copy-In mode - high-speed bulk data transfer to the server
- Copy-Out mode - high-speed bulk data transfer from the server
- Copy-Both - high-speed bulk data transfer to and from the server
Copy-In and Copy-Out operations will lead the backend (server) to switch to dedicated subprotocols that will last until the operation is completed (either with a Success or a Failure).
Those operations can be sent from either Simple Query or Extended Query modes.
Due to PostgreSQL protocol specifications, the Copy-Out sub-proto seems a bit easier to implement, as the backend will send one CopyData message per copied row, whereas there is no such guarantee in the specification for CopyData messages coming from the frontend.
So I'll start with the Copy-Out sub-protocol/ mode.
Updated by Juliana Fajardini Reichow 8 days ago
- File CopyInSubprotocol.png CopyInSubprotocol.png added
Simple-ish sequence diagram for the Copy-In mode
Updated by Juliana Fajardini Reichow 8 days ago
- File CopyOutSubprotocol.png CopyOutSubprotocol.png added
Simple-ish sequence diagram for the Copy-Out mode
Updated by Juliana Fajardini Reichow 5 days ago
Those weren't fully correct. Should update, maybe.
PR for CopyOut mode: https://github.com/OISF/suricata/pull/12947
Updated by Juliana Fajardini Reichow 3 days ago · Edited
CopyOut mode merged with: https://github.com/OISF/suricata/pull/12948
Updated by Juliana Fajardini Reichow 2 days ago
- Related to Feature #7644: pgsql: add CopyOut subprotocol/mode added
Updated by Juliana Fajardini Reichow 2 days ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Juliana Fajardini Reichow 2 days ago
- Related to Feature #7645: pgsql: add CopyIn subprotocol/mode added
Updated by Juliana Fajardini Reichow 2 days ago
- Target version changed from 8.0.0-rc1 to 8.0.0