Project

General

Profile

Actions

Bug #7000

closed

Optimization #7026: app-protos: trigger raw stream reassembly

pgsql: trigger raw stream reassembly

Added by Juliana Fajardini Reichow 7 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When a new PgsqlTransaction was created, the tx_id was adjusted to start at 1.
Disconsidering this, get_tx and free_tx were still incrementing tx_id when performing their logics,
leading to discrepancies when logging alert metadata for pgsql (to name one that we were able to notice).

This might also happen with template.rs, will investigate.
---------------
Update: turns out that the template code also takes this into consideration, as well as the core of the engine.

So the solution here was actually to trigger the raw stream reassembly earlier, so, I added this one as a sub ticket of #7026


Subtasks 1 (0 open1 closed)

Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 4 (1 open3 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesIn ProgressJuliana Fajardini ReichowActions
Related to Suricata - Optimization #7018: dns/tcp: allow triggering raw stream reassemblyClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #7113: pgsql: track 'progress' in tx per directionClosedJuliana Fajardini ReichowActions
Has duplicate Suricata - Optimization #7076: pgsql: trigger raw stream reassembly when tx completedRejectedJuliana Fajardini ReichowActions
Actions

Also available in: Atom PDF