Project

General

Profile

Actions
Copy link

Task #7026

open

app-protos: trigger raw stream inspection

Added by Juliana Fajardini Reichow about 1 year ago. Updated 13 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-rc1
Effort:
Difficulty:
high
Label:

Description

For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

Subtasks 5 (0 open5 closed)

Bug #7000: pgsql: trigger raw stream reassemblyClosedJuliana Fajardini ReichowActions
Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions
Optimization #7018: dns/tcp: allow triggering raw stream reassemblyClosedJuliana Fajardini ReichowActions
Optimization #7075: dns/tcp: allow triggering raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions
Optimization #7076: pgsql: trigger raw stream reassembly when tx completedRejectedJuliana Fajardini ReichowActions

Related issues 4 (3 open1 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesClosedShivani BhardwajActions
Related to Suricata - Documentation #4351: doc: explain the engine logic to trigger inspection of TCP dataIn ReviewShivani BhardwajActions
Related to Suricata - Task #7742: ftp: trigger raw stream inspectionNewShivani BhardwajActions
Related to Suricata - Task #7743: http: trigger raw stream inspectionNewShivani BhardwajActions
Actions
Copy link
 #1

Updated by OISF Ticketbot about 1 year ago

  • Subtask #7027 added
Actions
Copy link
 #2

Updated by OISF Ticketbot about 1 year ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow about 1 year ago

  • Private changed from No to Yes
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow about 1 year ago

  • Subtask #7018 added
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow about 1 year ago

Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.

Actions
Copy link
 #6

Updated by Juliana Fajardini Reichow about 1 year ago

  • Tracker changed from Bug to Optimization
  • Affected Versions deleted (7.0.5, git master)
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow about 1 year ago

  • Private changed from Yes to No
Actions
Copy link
 #8

Updated by Juliana Fajardini Reichow about 1 year ago

  • Subtask #7000 added
Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow about 1 year ago

  • Subtask #7076 added
Actions
Copy link
 #11

Updated by Juliana Fajardini Reichow 9 months ago

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Actions
Copy link
 #12

Updated by Victor Julien 5 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Shivani Bhardwaj
Actions
Copy link
 #13

Updated by Victor Julien 5 months ago

  • Related to Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data added
Actions
Copy link
 #14

Updated by Shivani Bhardwaj 3 months ago

I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?

Actions
Copy link
 #15

Updated by Victor Julien 3 months ago

Shivani Bhardwaj wrote in #note-14:

I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?

Not sure, implementing this affects more than tx logging.

Actions
Copy link
 #16

Updated by Shivani Bhardwaj 3 months ago

Victor Julien wrote in #note-15:

Not sure, implementing this affects more than tx logging.

I see. Thank you. I shall find that out then and see if the title needs improvement.

Actions
Copy link
 #17

Updated by Shivani Bhardwaj 3 months ago

  • Status changed from Assigned to In Progress
Actions
Copy link
 #18

Updated by Victor Julien 3 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #19

Updated by Shivani Bhardwaj about 1 month ago

  • Tracker changed from Optimization to Task
Actions
Copy link
 #20

Updated by Shivani Bhardwaj about 1 month ago

  • Subject changed from app-protos: trigger raw stream reassembly to app-protos: trigger raw stream inspection
  • Description updated (diff)
Actions
Copy link
 #23

Updated by Shivani Bhardwaj 27 days ago

  • Difficulty set to high
Actions
Copy link
 #24

Updated by Shivani Bhardwaj 16 days ago

  • Related to Task #7742: ftp: trigger raw stream inspection added
Actions
Copy link
 #25

Updated by Shivani Bhardwaj 15 days ago

  • Related to Task #7743: http: trigger raw stream inspection added
Actions
Copy link
 #26

Updated by Shivani Bhardwaj 13 days ago

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: Atom PDF