Bug #7449
openapp-layer metadata does not get logged for stream rules and unidirectional protocols
Description
As brought up to me by Philippe, even though #7018 was merged, its related tests are failing
on master.
Investigate the case, and find a fix.
(Subject probably to be reworded later on)
Updated by Juliana Fajardini Reichow 11 days ago
- Related to Optimization #7018: dns/tcp: allow triggering raw stream reassembly added
Updated by Philippe Antoine 10 days ago
- Status changed from New to In Review
Updated by Philippe Antoine 10 days ago
Well the fix is mostly in https://github.com/OISF/suricata-verify/pull/2180 I suppose
Updated by Juliana Fajardini Reichow 10 days ago
- Assignee changed from Juliana Fajardini Reichow to Philippe Antoine
Changing assignee as Philippe took up on this one.
Updated by Philippe Antoine 9 days ago
- Related to Bug #7199: detect: missing app-layer metadata in alerts added
Updated by Philippe Antoine 4 days ago
- Blocks Task #7461: suricata-verify: pass all tests added
Updated by Philippe Antoine 3 days ago
- Subject changed from investigate: dns raw stream reassembly tests fail on master to app-layer metadata does not get logged for stream rules and unidirectional protocols
App-layer metadata does not get logged for stream rules and unidirectional protocols :
This was highlighted by SV tests 7018... But they were skipped on master due to DNS V3 logging
The problematic sequence is (seen only in IDS mode)
1. request arrives - buffered due to not ackd
2. response arrives, acks request - request is now parsed, response isn't
3. ack for response, response parsed. Then detect runs for request, generates alert. We now have 2 txs. txid will be 0 from AppLayerParserGetTransactionInspectId
But txid 1 is unidirectional in the other way, so we can use txid 0 metadata for logging