Project

General

Profile

Actions
Copy link

Optimization #7026

open

app-protos: trigger raw stream reassembly

Added by Juliana Fajardini Reichow 11 months ago. Updated 4 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

For application layer protocols over TCP that have transactions, we may need to trigger stream reassembly once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

Subtasks 5 (0 open5 closed)

Bug #7000: pgsql: trigger raw stream reassemblyClosedJuliana Fajardini ReichowActions
Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions
Optimization #7018: dns/tcp: allow triggering raw stream reassemblyClosedJuliana Fajardini ReichowActions
Optimization #7075: dns/tcp: allow triggering raw stream reassembly (7.0.x backport)ClosedJuliana Fajardini ReichowActions
Optimization #7076: pgsql: trigger raw stream reassembly when tx completedRejectedJuliana Fajardini ReichowActions

Related issues 2 (2 open0 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesIn ProgressShivani BhardwajActions
Related to Suricata - Documentation #4351: doc: explain the AppLayerParserTriggerRawStreamReassembly logicAssignedShivani BhardwajActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 11 months ago

  • Subtask #7027 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 11 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 11 months ago

  • Private changed from No to Yes
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 11 months ago

  • Subtask #7018 added
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 10 months ago

Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.

Actions
Copy link
 #6

Updated by Juliana Fajardini Reichow 10 months ago

  • Tracker changed from Bug to Optimization
  • Affected Versions deleted (7.0.5, git master)
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow 10 months ago

  • Private changed from Yes to No
Actions
Copy link
 #8

Updated by Juliana Fajardini Reichow 10 months ago

  • Subtask #7000 added
Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow 10 months ago

  • Subtask #7076 added
Actions
Copy link
 #11

Updated by Juliana Fajardini Reichow 6 months ago

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Actions
Copy link
 #12

Updated by Victor Julien 3 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Shivani Bhardwaj
Actions
Copy link
 #13

Updated by Victor Julien 3 months ago

  • Related to Documentation #4351: doc: explain the AppLayerParserTriggerRawStreamReassembly logic added
Actions
Copy link
 #14

Updated by Shivani Bhardwaj 18 days ago

I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?

Actions
Copy link
 #15

Updated by Victor Julien 18 days ago

Shivani Bhardwaj wrote in #note-14:

I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?

Not sure, implementing this affects more than tx logging.

Actions
Copy link
 #16

Updated by Shivani Bhardwaj 18 days ago

Victor Julien wrote in #note-15:

Not sure, implementing this affects more than tx logging.

I see. Thank you. I shall find that out then and see if the title needs improvement.

Actions
Copy link

Also available in: Atom PDF