Task #7026
Closed
app-protos: trigger raw stream inspection
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
OT Updated by OISF Ticketbot almost 2 years ago
- Subtask #7027 added
OT Updated by OISF Ticketbot almost 2 years ago
- Label deleted (Needs backport to 7.0)
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Private changed from No to Yes
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Subtask #7018 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago
Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Tracker changed from Bug to Optimization
- Affected Versions deleted (7.0.5, git main)
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Private changed from Yes to No
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Subtask #7000 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Subtask #7076 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago
ENIP merged: https://github.com/OISF/suricata/pull/11184
JF Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
VJ Updated by Victor Julien over 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
VJ Updated by Victor Julien about 1 year ago
- Related to Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data added
SB Updated by Shivani Bhardwaj about 1 year ago
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
VJ Updated by Victor Julien about 1 year ago
SB Updated by Shivani Bhardwaj about 1 year ago
Victor Julien wrote in #note-15:
Not sure, implementing this affects more than tx logging.
I see. Thank you. I shall find that out then and see if the title needs improvement.
SB Updated by Shivani Bhardwaj about 1 year ago
- Status changed from Assigned to In Progress
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
SB Updated by Shivani Bhardwaj 11 months ago
- Tracker changed from Optimization to Task
SB Updated by Shivani Bhardwaj 11 months ago
- Subject changed from app-protos: trigger raw stream reassembly to app-protos: trigger raw stream inspection
- Description updated (diff)
SB Updated by Shivani Bhardwaj 11 months ago
Merged batch #1: https://github.com/OISF/suricata/pull/13237
SB Updated by Shivani Bhardwaj 11 months ago
Merged batch #2: https://github.com/OISF/suricata/pull/13282
SB Updated by Shivani Bhardwaj 11 months ago
- Difficulty set to high
SB Updated by Shivani Bhardwaj 10 months ago
- Related to Task #7742: ftp: trigger raw stream inspection added
SB Updated by Shivani Bhardwaj 10 months ago
- Related to Task #7743: http: trigger raw stream inspection added
SB Updated by Shivani Bhardwaj 10 months ago
- Status changed from In Progress to Resolved
Closed by: https://github.com/OISF/suricata/pull/13389
VJ Updated by Victor Julien 8 months ago
- Status changed from Resolved to Closed