Project

General

Profile

Actions
Copy link

Optimization #5047

closed

sip: implement pattern based protocol detection

Added by Victor Julien over 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:
Beginner

Description

SIP looks a lot like HTTP, so we can use HTTP like protocol detection to match SIP independent of port and fall back to the existing probing parser logic if that fails.

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #3351: sip: parse traffic over tcpClosedGiuseppe LongoActions
Actions
Copy link
 #1

Updated by Victor Julien over 3 years ago

Actions
Copy link
 #2

Updated by Philippe Antoine over 2 years ago

I wonder if probing parser makes sense at all if we have pattern matching for protocol detection

Actions
Copy link
 #3

Updated by Victor Julien over 2 years ago

Based on my SIP knowledge I think pattern only should be enough.

Actions
Copy link
 #4

Updated by Philippe Antoine about 2 years ago

  • Assignee set to OISF Dev
  • Target version set to 8.0.0-beta1
Actions
Copy link
 #5

Updated by Philippe Antoine almost 2 years ago

  • Label Beginner added
Actions
Copy link
 #7

Updated by Giuseppe Longo over 1 year ago

  • Status changed from In Progress to Closed
Actions
Copy link

Also available in: Atom PDF