Task #7026
openapp-protos: trigger raw stream inspection
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Juliana Fajardini Reichow about 1 year ago
- Private changed from No to Yes
Updated by Juliana Fajardini Reichow about 1 year ago
Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.
Updated by Juliana Fajardini Reichow 12 months ago
- Tracker changed from Bug to Optimization
- Affected Versions deleted (
7.0.5, git master)
Updated by Juliana Fajardini Reichow 12 months ago
- Private changed from Yes to No
Updated by Juliana Fajardini Reichow 12 months ago
ENIP merged: https://github.com/OISF/suricata/pull/11184
Updated by Juliana Fajardini Reichow 8 months ago
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Updated by Victor Julien 5 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
Updated by Victor Julien 5 months ago
- Related to Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data added
Updated by Shivani Bhardwaj 3 months ago
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
Updated by Victor Julien 3 months ago
Updated by Shivani Bhardwaj 3 months ago
Victor Julien wrote in #note-15:
Not sure, implementing this affects more than tx logging.
I see. Thank you. I shall find that out then and see if the title needs improvement.
Updated by Shivani Bhardwaj 2 months ago
- Status changed from Assigned to In Progress
Updated by Victor Julien about 2 months ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Shivani Bhardwaj 12 days ago
- Tracker changed from Optimization to Task
Updated by Shivani Bhardwaj 11 days ago
- Subject changed from app-protos: trigger raw stream reassembly to app-protos: trigger raw stream inspection
- Description updated (diff)
Updated by Shivani Bhardwaj 11 days ago
Merged batch \#1: https://github.com/OISF/suricata/pull/13237
Updated by Shivani Bhardwaj 9 days ago
Merged batch \#2: https://github.com/OISF/suricata/pull/13282