Task #7026
closedapp-protos: trigger raw stream inspection
Added by Juliana Fajardini Reichow almost 2 years ago. Updated 8 months ago.
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
OT Updated by OISF Ticketbot almost 2 years ago Actions #1
- Subtask #7027 added
OT Updated by OISF Ticketbot almost 2 years ago Actions #2
- Label deleted (
Needs backport to 7.0)
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #3
- Private changed from No to Yes
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #4
- Subtask #7018 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #5
Enip: should wait for https://github.com/OISF/suricata/pull/10901 to be merged.
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #6
- Tracker changed from Bug to Optimization
- Affected Versions deleted (
7.0.5, git main)
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #7
- Private changed from Yes to No
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #8
- Subtask #7000 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #9
- Subtask #7076 added
JF Updated by Juliana Fajardini Reichow almost 2 years ago Actions #10
ENIP merged: https://github.com/OISF/suricata/pull/11184
JF Updated by Juliana Fajardini Reichow over 1 year ago Actions #11
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
VJ Updated by Victor Julien about 1 year ago Actions #12
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
VJ Updated by Victor Julien about 1 year ago Actions #13
- Related to Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data added
SB Updated by Shivani Bhardwaj about 1 year ago Actions #14
I think this ticket should be rejected with an update in the title as this just reflects what shall be done to fix the bug stated in #7004. Thoughts?
VJ Updated by Victor Julien about 1 year ago Actions #15
SB Updated by Shivani Bhardwaj about 1 year ago Actions #16
Victor Julien wrote in #note-15:
Not sure, implementing this affects more than tx logging.
I see. Thank you. I shall find that out then and see if the title needs improvement.
SB Updated by Shivani Bhardwaj about 1 year ago Actions #17
- Status changed from Assigned to In Progress
VJ Updated by Victor Julien about 1 year ago Actions #18
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
SB Updated by Shivani Bhardwaj 11 months ago Actions #19
- Tracker changed from Optimization to Task
SB Updated by Shivani Bhardwaj 11 months ago Actions #20
- Subject changed from app-protos: trigger raw stream reassembly to app-protos: trigger raw stream inspection
- Description updated (diff)
SB Updated by Shivani Bhardwaj 11 months ago Actions #21
Merged batch \#1: https://github.com/OISF/suricata/pull/13237
SB Updated by Shivani Bhardwaj 11 months ago Actions #22
Merged batch \#2: https://github.com/OISF/suricata/pull/13282
SB Updated by Shivani Bhardwaj 11 months ago Actions #23
- Difficulty set to high
SB Updated by Shivani Bhardwaj 10 months ago Actions #24
- Related to Task #7742: ftp: trigger raw stream inspection added
SB Updated by Shivani Bhardwaj 10 months ago Actions #25
- Related to Task #7743: http: trigger raw stream inspection added
SB Updated by Shivani Bhardwaj 10 months ago Actions #26
- Status changed from In Progress to Resolved
Closed by: https://github.com/OISF/suricata/pull/13389
VJ Updated by Victor Julien 8 months ago Actions #27
- Status changed from Resolved to Closed