Bug #753

closed

TX handling improvement

Added by Victor Julien about 11 years ago. Updated almost 11 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In some cases we see alerts generated by mixing up TXs. We need to improve TX handling to make this impossible.

Also, we need to store the TX id/ptr somehow so we can use it in the output functions. Like here https://github.com/inliniac/suricata/pull/241/files#L0R298

Actions #1

Updated by Anoop Saldanha about 11 years ago

This probably is 1.5. The changes are much more involved (detection engine included) to be a bug_fix release, tbh.

Actions #2

Updated by Victor Julien about 11 years ago

  • Target version changed from 1.4.1 to 2.0beta1

Actions #3

Updated by Victor Julien almost 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Nice work Anoop.

commit 9219079e1a02b8e3d6ea5969324800fe6efc65b1
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Mon May 20 21:16:41 2013 +0530

    Allow protocols to have both app layer keywords, as well as transaction
    based ones.

    Our general logic and assumption is protocols either support one of the
    above and not have both.

commit a490176c8ab21236924fcc04f652cca4f4a4e193
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Sat May 18 10:50:51 2013 +0530

    More lock fixes for the transaction update.  Issues reported by Coverity.

commit 7cf40423372ae3e480c0d8215df857d8f64ea86b
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Fri May 17 16:21:54 2013 +0530

    Fix luajit compilation failure introduced by the transaction update.
    Fix coverity lock issues reported by transaction update as well.

commit d4d18e3136780b776ae13da76caeddf8c5bd4f70
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Fri May 3 20:34:58 2013 +0530

    Transaction engine redesigned.

    Improved accuracy, improved performance.  Performance improvement
    noticeable with http heavy traffic and ruleset.

    A lot of other cosmetic changes carried out as well.  Wrappers introduced
    for a lot of app layer functions.

    Failing dce unittests disabled.  Will be reintroduced in the updated dce
    engine.

    Cross transaction matching taken care of.  FPs emanating from these
    matches have now disappeared.  Double inspection of transactions taken
    care of as well.