Optimization #5047: sip: implement pattern based protocol detection - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #5047

closed

VJ OD

sip: implement pattern based protocol detection

Optimization #5047: sip: implement pattern based protocol detection

Added by Victor Julien about 4 years ago. Updated almost 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

8.0.0-beta1

Effort:

Difficulty:

Label:

Beginner

Description

SIP looks a lot like HTTP, so we can use HTTP like protocol detection to match SIP independent of port and fall back to the existing probing parser logic if that fails.

Related issues 1 (0 open — 1 closed)

VJ Updated by Victor Julien about 4 years ago Actions
Copy link
#1

Related to Feature #3351: sip: parse traffic over tcp added

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
#2

I wonder if probing parser makes sense at all if we have pattern matching for protocol detection

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#3

Based on my SIP knowledge I think pattern only should be enough.

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
#4

Assignee set to OISF Dev
Target version set to 8.0.0-beta1

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#5

Label Beginner added

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
#6

Status changed from New to In Progress

https://github.com/OISF/suricata/pull/9893/commits/fbb6c7aa613f9cd784891f1df993a88087abccb5

GL Updated by Giuseppe Longo almost 2 years ago Actions
Copy link
#7

Status changed from In Progress to Closed

Merged with https://github.com/OISF/suricata/pull/10513

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries