Project

General

Profile

Actions

Bug #7000

closed

Optimization #7026: app-protos: trigger raw stream reassembly

pgsql: trigger raw stream reassembly

Added by Juliana Fajardini Reichow 7 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When a new PgsqlTransaction was created, the tx_id was adjusted to start at 1.
Disconsidering this, get_tx and free_tx were still incrementing tx_id when performing their logics,
leading to discrepancies when logging alert metadata for pgsql (to name one that we were able to notice).

This might also happen with template.rs, will investigate.
---------------
Update: turns out that the template code also takes this into consideration, as well as the core of the engine.

So the solution here was actually to trigger the raw stream reassembly earlier, so, I added this one as a sub ticket of #7026


Subtasks 1 (0 open1 closed)

Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 4 (1 open3 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesIn ProgressJuliana Fajardini ReichowActions
Related to Suricata - Optimization #7018: dns/tcp: allow triggering raw stream reassemblyClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #7113: pgsql: track 'progress' in tx per directionClosedJuliana Fajardini ReichowActions
Has duplicate Suricata - Optimization #7076: pgsql: trigger raw stream reassembly when tx completedRejectedJuliana Fajardini ReichowActions
Actions #1

Updated by OISF Ticketbot 7 months ago

  • Subtask #7001 added
Actions #2

Updated by OISF Ticketbot 7 months ago

  • Label deleted (Needs backport to 7.0)
Actions #3

Updated by Juliana Fajardini Reichow 7 months ago

  • Status changed from In Progress to In Review
Actions #4

Updated by Juliana Fajardini Reichow 7 months ago

According to further investigation by Jason, it doesn't seem that the fix is needed for template.rs (cf https://github.com/OISF/suricata/pull/10997#discussion_r1585608422)

Actions #5

Updated by Jason Ish 7 months ago

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Actions #6

Updated by Juliana Fajardini Reichow 6 months ago

Actions #7

Updated by Juliana Fajardini Reichow 6 months ago

  • Status changed from In Review to Resolved
Actions #8

Updated by Juliana Fajardini Reichow 6 months ago

  • Parent task set to #7026

The solution here was actually to trigger the raw stream reassembly earlier, so, I'll add this one as a subticket of #7026

Actions #9

Updated by Victor Julien 5 months ago

  • Related to Bug #7113: pgsql: track 'progress' in tx per direction added
Actions #10

Updated by Juliana Fajardini Reichow 3 months ago

  • Description updated (diff)
Actions #11

Updated by Juliana Fajardini Reichow 2 months ago

  • Subject changed from pgsql: partially incorrect tx_id tracking to pgsql: trigger raw stream reassembly

Updating the title to reflect the actual solution.

Actions #12

Updated by Juliana Fajardini Reichow 2 months ago

  • Status changed from Resolved to Closed
Actions #13

Updated by Juliana Fajardini Reichow 2 months ago

  • Has duplicate Optimization #7076: pgsql: trigger raw stream reassembly when tx completed added
Actions

Also available in: Atom PDF