Task #7742
closed
ftp: trigger raw stream inspection
Difficulty: medium
Description
For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).
FTP is likely the only missing protocol with this change because the raw inspection changes triggered IRC alerts. ref: https://github.com/OISF/suricata/pull/13303#issuecomment-2911424769
Updated by Shivani Bhardwaj 10 months ago
- Blocked by Bug #2978: IRC traffic parsed by FTP added
Updated by Shivani Bhardwaj 10 months ago
- Related to Task #7026: app-protos: trigger raw stream inspection added
Updated by Shivani Bhardwaj 10 months ago
- Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Updated by Shivani Bhardwaj 10 months ago
- Copied to Task #7743: http: trigger raw stream inspection added
Updated by Shivani Bhardwaj 10 months ago
- Copied to deleted (Task #7743: http: trigger raw stream inspection)
Updated by Shivani Bhardwaj 4 months ago
- Status changed from New to In Progress
Updated by Shivani Bhardwaj 4 months ago
- Status changed from In Progress to Assigned
Updated by Shivani Bhardwaj 3 months ago
- Difficulty changed from high to medium
Updated by Shivani Bhardwaj 14 days ago
- Status changed from Assigned to In Review
Updated by Victor Julien 14 days ago
PR link missing?
Updated by Victor Julien 14 days ago
https://github.com/OISF/suricata/pull/15114 is the correct link, I think.
Updated by Shivani Bhardwaj 9 days ago
- Status changed from In Review to Closed
Closed by: https://github.com/OISF/suricata/pull/15126