Optimization #5180
closedstream/tcp: flag 1st seen pkt w stream established
Description
Considering that an alert could be discarded from the packet queue due to queue size limitations, we must consider how signatures with the `drop` action are still taken into account, even if the respective alert is dropped.
I guess... thought must also be given with regards to how do we indicate what is going on with said traffic, even if the alert isn't kept. Debug log? Specific stats counter?
Updated by Juliana Fajardini Reichow about 4 years ago
- Related to Optimization #5178: detect/alert: improve packet alert queue handling added
Updated by Juliana Fajardini Reichow about 4 years ago
- Subject changed from detect/alert: make sure that signature with `drop` action are respected, even if the alert is discarded to detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded
Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from In Progress to Assigned
Will stop current work on this issue because we will try to follow the approach for #4943.
Updated by Juliana Fajardini Reichow almost 4 years ago
- Target version changed from TBD to 7.0.0-beta1
Updated by Juliana Fajardini Reichow almost 4 years ago
- Status changed from Assigned to In Progress
Updated by Juliana Fajardini Reichow almost 4 years ago
Back to working on this.
Draft PR for appreciation and improvements: https://github.com/OISF/suricata/pull/7469
Updated by Victor Julien over 3 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Juliana Fajardini Reichow about 3 years ago
- Tracker changed from Task to Optimization
Updated by Juliana Fajardini Reichow about 3 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Juliana Fajardini Reichow almost 3 years ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Updated by Victor Julien 12 months ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Victor Julien 9 months ago
- Priority changed from Normal to High
- Target version changed from 8.0.0-rc1 to 8.0.1
Updated by Juliana Fajardini Reichow 6 months ago
- Target version changed from 8.0.1 to 8.0.2
Updated by Victor Julien 6 months ago
- Target version changed from 8.0.2 to 9.0.0-beta1
Updated by Juliana Fajardini Reichow 5 months ago
- Related to Security #8021: eve/alert: heap buffer overflow on verdict added
Updated by Juliana Fajardini Reichow about 2 months ago
Another PR for review: https://github.com/OISF/suricata/pull/14677
this covers the first probable bug that we've noticed while investigating this issue.
Updated by Juliana Fajardini Reichow 26 days ago
- Status changed from In Progress to Resolved
- Label Needs backport to 8.0 added
Merged with: https://github.com/OISF/suricata/pull/14801
Updated by Juliana Fajardini Reichow 12 days ago
- Subject changed from detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded to stream/tcp: flag 1st seen pkt w stream established
changing ticket subject to make it more aligned with the work done, and more changelog-compatible.