Optimization #5180
closedstream/tcp: flag 1st seen pkt w stream established
Description
Considering that an alert could be discarded from the packet queue due to queue size limitations, we must consider how signatures with the `drop` action are still taken into account, even if the respective alert is dropped.
I guess... thought must also be given with regards to how do we indicate what is going on with said traffic, even if the alert isn't kept. Debug log? Specific stats counter?
JF Updated by Juliana Fajardini Reichow about 4 years ago
- Related to Optimization #5178: detect/alert: improve packet alert queue handling added
JF Updated by Juliana Fajardini Reichow about 4 years ago
- Subject changed from detect/alert: make sure that signature with `drop` action are respected, even if the alert is discarded to detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded
JF Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from New to In Progress
JF Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from In Progress to Assigned
Will stop current work on this issue because we will try to follow the approach for #4943.
JF Updated by Juliana Fajardini Reichow almost 4 years ago
- Target version changed from TBD to 7.0.0-beta1
JF Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from Assigned to In Progress
JF Updated by Juliana Fajardini Reichow almost 4 years ago
Back to working on this.
Draft PR for appreciation and improvements: https://github.com/OISF/suricata/pull/7469
VJ Updated by Victor Julien over 3 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
JF Updated by Juliana Fajardini Reichow about 3 years ago
- Tracker changed from Task to Optimization
JF Updated by Juliana Fajardini Reichow about 3 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
JF Updated by Juliana Fajardini Reichow almost 3 years ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
VJ Updated by Victor Julien 10 months ago
- Priority changed from Normal to High
- Target version changed from 8.0.0-rc1 to 8.0.1
JF Updated by Juliana Fajardini Reichow 7 months ago
- Target version changed from 8.0.1 to 8.0.2
VJ Updated by Victor Julien 7 months ago
- Target version changed from 8.0.2 to 9.0.0-beta1
JF Updated by Juliana Fajardini Reichow 5 months ago
- Related to Security #8021: eve/alert: heap buffer overflow on verdict added
JF Updated by Juliana Fajardini Reichow 2 months ago
Another PR for review: https://github.com/OISF/suricata/pull/14677
this covers the first probable bug that we've noticed while investigating this issue.
JF Updated by Juliana Fajardini Reichow about 2 months ago
- Status changed from In Progress to Resolved
- Label Needs backport to 8.0 added
Merged with: https://github.com/OISF/suricata/pull/14801
OT Updated by OISF Ticketbot about 2 months ago
- Subtask #8299 added
OT Updated by OISF Ticketbot about 2 months ago
- Label deleted (
Needs backport to 8.0)
VJ Updated by Victor Julien about 1 month ago
- Status changed from Resolved to Closed
JF Updated by Juliana Fajardini Reichow about 1 month ago
- Subject changed from detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded to stream/tcp: flag 1st seen pkt w stream established
changing ticket subject to make it more aligned with the work done, and more changelog-compatible.