Optimization #5180
closedstream/tcp: flag 1st seen pkt w stream established
Added by Juliana Fajardini Reichow about 4 years ago. Updated 3 months ago.
Description
Considering that an alert could be discarded from the packet queue due to queue size limitations, we must consider how signatures with the `drop` action are still taken into account, even if the respective alert is dropped.
I guess... thought must also be given with regard to how we indicate what is going on with said traffic, even if the alert isn't kept. Debug log? Specific stats counter?
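A small model of the requirement raised in the description, added here as an illustration and not Suricata's own code: the packet verdict is tracked apart from the bounded alert list, so a `drop` signature still drops the packet when its alert no longer fits in the queue, and a stats counter records the discard. The class and field names and the queue size of 3 are assumptions.

```python
"""Toy model of a bounded per-packet alert queue (illustration only, not
Suricata's code). Names and the default queue size are assumptions."""
from dataclasses import dataclass, field
from enum import IntFlag


class Action(IntFlag):
    ALERT = 1
    DROP = 2


@dataclass(frozen=True)
class Alert:
    sid: int
    action: Action


@dataclass
class AlertQueue:
    """Keeps at most `max_alerts` alerts per packet, but records the packet
    verdict separately so a discarded `drop` alert still drops the packet."""
    max_alerts: int = 3
    alerts: list = field(default_factory=list)
    drop: bool = False        # packet verdict, independent of what is queued
    discarded: int = 0        # stats counter: alerts that did not fit
    discarded_drops: int = 0  # stats counter: discarded alerts carrying drop

    def append(self, alert: Alert) -> bool:
        # Apply the verdict first, before deciding whether the alert fits.
        if alert.action & Action.DROP:
            self.drop = True
        if len(self.alerts) < self.max_alerts:
            self.alerts.append(alert)
            return True
        self.discarded += 1
        if alert.action & Action.DROP:
            self.discarded_drops += 1
        return False


def process(alerts, max_alerts=3) -> AlertQueue:
    """Feed the alerts raised on one packet through the bounded queue."""
    q = AlertQueue(max_alerts=max_alerts)
    for a in alerts:
        q.append(a)
    return q


# Constructed sample: three alert-only rules fill the queue, then a drop
# rule fires and its alert is discarded, yet the packet is still dropped.
SAMPLE = [Alert(1000 + i, Action.ALERT) for i in range(3)] + [Alert(2000, Action.DROP)]
```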
Updated by Juliana Fajardini Reichow about 4 years ago #1
- Related to Optimization #5178: detect/alert: improve packet alert queue handling added
Updated by Juliana Fajardini Reichow about 4 years ago #2
- Subject changed from detect/alert: make sure that signature with `drop` action are respected, even if the alert is discarded to detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded
Updated by Juliana Fajardini Reichow about 4 years ago #3
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow about 4 years ago #4
- Status changed from In Progress to Assigned
Will stop current work on this issue because we will try to follow the approach for #4943.
Updated by Juliana Fajardini Reichow about 4 years ago #5
- Target version changed from TBD to 7.0.0-beta1
Updated by Juliana Fajardini Reichow about 4 years ago #6
- Status changed from Assigned to In Progress
Updated by Juliana Fajardini Reichow almost 4 years ago #7
Back to working on this.
Draft PR for appreciation and improvements: https://github.com/OISF/suricata/pull/7469
Updated by Victor Julien over 3 years ago #8
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Juliana Fajardini Reichow over 3 years ago #9
- Tracker changed from Task to Optimization
Updated by Juliana Fajardini Reichow over 3 years ago #10
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Juliana Fajardini Reichow about 3 years ago #11
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Updated by Victor Julien about 1 year ago #12
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Victor Julien 12 months ago #13
- Priority changed from Normal to High
- Target version changed from 8.0.0-rc1 to 8.0.1
Updated by Juliana Fajardini Reichow 8 months ago #14
- Target version changed from 8.0.1 to 8.0.2
Updated by Victor Julien 8 months ago #15
- Target version changed from 8.0.2 to 9.0.0-beta1
Updated by Juliana Fajardini Reichow 7 months ago #16
- Related to Security #8021: eve/alert: heap buffer overflow on verdict added
Updated by Juliana Fajardini Reichow 4 months ago #17
Another PR for review: https://github.com/OISF/suricata/pull/14677
This covers the first probable bug that we've noticed while investigating this issue.
Updated by Juliana Fajardini Reichow 3 months ago #18
- Status changed from In Progress to Resolved
- Label Needs backport to 8.0 added
Merged with: https://github.com/OISF/suricata/pull/14801
Updated by OISF Ticketbot 3 months ago #19
- Subtask #8299 added
Updated by OISF Ticketbot 3 months ago #20
- Label deleted (Needs backport to 8.0)
Updated by Victor Julien 3 months ago #21
- Status changed from Resolved to Closed
Updated by Juliana Fajardini Reichow 3 months ago #22
- Subject changed from detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded to stream/tcp: flag 1st seen pkt w stream established
Changing the ticket subject to make it more aligned with the work done, and more changelog-compatible.