Project

General

Profile

Actions
Copy link

Task #7743

open

http: trigger raw stream inspection

Added by Shivani Bhardwaj 7 days ago.

Status:
New
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Effort:
Difficulty:
high
Label:

Description

For application layer protocols over TCP that have transactions, we need to trigger stream inspection once they have at least one full message parseable, to avoid missing alerts that happen early on in the stream (as seen with #7004).

The effort done around this resulted in some failing s-v tests. So, it has been skipped for now but should be looked at.

Related issues 2 (1 open1 closed)

Related to Suricata - Bug #7004: app-layer: wrong tx may be logged for stream rulesClosedShivani BhardwajActions
Related to Suricata - Task #7026: app-protos: trigger raw stream inspectionResolvedShivani BhardwajActions
Actions
Copy link
 #1

Updated by Shivani Bhardwaj 7 days ago

  • Copied from Task #7742: ftp: trigger raw stream inspection added
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 7 days ago

  • Copied from deleted (Task #7742: ftp: trigger raw stream inspection)
Actions
Copy link
 #3

Updated by Shivani Bhardwaj 7 days ago

  • Related to Bug #7004: app-layer: wrong tx may be logged for stream rules added
Actions
Copy link
 #4

Updated by Shivani Bhardwaj 7 days ago

  • Related to Task #7026: app-protos: trigger raw stream inspection added
Actions
Copy link

Also available in: Atom PDF