Project

General

Profile

Actions
Copy link

Bug #7000

closed
JF JF

Task #7026: app-protos: trigger raw stream inspection

pgsql: trigger raw stream reassembly

Bug #7000: pgsql: trigger raw stream reassembly

Added by Juliana Fajardini Reichow almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
8.0.0-beta1
Affected Versions:
7.0.5
Effort:
Difficulty:
Label:

Description

When a new PgsqlTransaction was created, the tx_id was adjusted to start at 1.
Disconsidering this, get_tx and free_tx were still incrementing tx_id when performing their logics,
leading to discrepancies when logging alert metadata for pgsql (to name one that we were able to notice).

This might also happen with template.rs, will investigate.
---------------
Update: turns out that the template code also takes this into consideration, as well as the core of the engine.

So the solution here was actually to trigger the raw stream reassembly earlier, so, I added this one as a sub ticket of #7026

Subtasks 1 (0 open1 closed)

Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 4 (0 open4 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesClosedShivani BhardwajActions
Related to Suricata - Optimization #7018: dns/tcp: allow triggering raw stream reassemblyClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #7113: pgsql: track 'progress' in tx per directionClosedJuliana Fajardini ReichowActions
Has duplicate Suricata - Optimization #7076: pgsql: trigger raw stream reassembly when tx completedRejectedJuliana Fajardini ReichowActions

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #1

  • Subtask #7001 added

OT Updated by OISF Ticketbot almost 2 years ago Actions
Copy link
 #2

  • Label deleted (Needs backport to 7.0)

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #3

  • Status changed from In Progress to In Review

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #4

According to further investigation by Jason, it doesn't seem that the fix is needed for template.rs (cf https://github.com/OISF/suricata/pull/10997#discussion_r1585608422)

JI Updated by Jason Ish almost 2 years ago Actions
Copy link
 #5

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #6

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #7

  • Status changed from In Review to Resolved

JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions
Copy link
 #8

  • Parent task set to #7026

The solution here was actually to trigger the raw stream reassembly earlier, so, I'll add this one as a subticket of #7026

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #9

  • Related to Bug #7113: pgsql: track 'progress' in tx per direction added

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #10

  • Description updated (diff)

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #11

  • Subject changed from pgsql: partially incorrect tx_id tracking to pgsql: trigger raw stream reassembly

Updating the title to reflect the actual solution.

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #12

  • Status changed from Resolved to Closed

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #13

  • Has duplicate Optimization #7076: pgsql: trigger raw stream reassembly when tx completed added
Actions
Copy link

Also available in: PDF Atom