Actions
Optimization #7026
openapp-protos: trigger raw stream reassembly
Effort:
Difficulty:
Label:
Description
For application layer protocols over TCP that have transactions, we may need to trigger stream reassembly once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
Updated by Juliana Fajardini Reichow 12 months ago
- Private changed from No to Yes
Updated by Juliana Fajardini Reichow 12 months ago
Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.
Updated by Juliana Fajardini Reichow 11 months ago
- Tracker changed from Bug to Optimization
- Affected Versions deleted (
7.0.5, git master)
Updated by Juliana Fajardini Reichow 11 months ago
- Private changed from Yes to No
Updated by Juliana Fajardini Reichow 11 months ago
ENIP merged: https://github.com/OISF/suricata/pull/11184
Updated by Juliana Fajardini Reichow 8 months ago
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Updated by Victor Julien 4 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
Updated by Victor Julien 4 months ago
- Related to Documentation #4351: doc: explain the engine logic to trigger reassembly of TCP data added
Updated by Shivani Bhardwaj about 2 months ago
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
Updated by Victor Julien about 2 months ago
Updated by Shivani Bhardwaj about 2 months ago
Victor Julien wrote in #note-15:
Not sure, implementing this affects more than tx logging.
I see. Thank you. I shall find that out then and see if the title needs improvement.
Updated by Shivani Bhardwaj about 1 month ago
- Status changed from Assigned to In Progress
Updated by Victor Julien about 1 month ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions