Optimization #7026
open
app-protos: trigger raw stream reassembly
Added by Juliana Fajardini Reichow 11 months ago.
Updated 7 days ago.
Description
For application layer protocols over TCP that have transactions, we may need to trigger stream reassembly once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
Related issues
2 (2 open — 0 closed)
- Label deleted (Needs backport to 7.0)
- Private changed from No to Yes
- Tracker changed from Bug to Optimization
- Affected Versions deleted (7.0.5, git master)
- Private changed from Yes to No
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Related to Documentation #4351: doc: explain the AppLayerParserTriggerRawStreamReassembly logic added
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
Shivani Bhardwaj wrote in #note-14:
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
Not sure, implementing this affects more than tx logging.
Victor Julien wrote in #note-15:
Not sure, implementing this affects more than tx logging.
I see. Thank you. I shall find that out then and see if the title needs improvement.