General

Profile

Emmanuel Thompson

  • Login: e.thompson
  • Registered on: 04/02/2020
  • Last connection: 10/20/2020

Issues

                 Open  Closed  Total
Assigned issues  1     3       4
Reported issues  0     2       2

Projects

Project          Roles      Registered on
Suricata         Developer  06/08/2020
Suricata-Update  Developer  06/08/2020

Activity

08/31/2020

06:02 PM Suricata Feature #3440: Add QUIC Protocol Analysis and CYU Fingerprinting
@John Althouse, would you have specific PCAPs for testing? Emmanuel Thompson

07/16/2020

01:08 PM Suricata Feature #3440: Add QUIC Protocol Analysis and CYU Fingerprinting
FYI GQUIC is a predecessor of QUIC IETF
The parser in the OP parses GQUIC Versions Q039-Q046.
Emmanuel Thompson

07/15/2020

01:49 PM Suricata Feature #3440: Add QUIC Protocol Analysis and CYU Fingerprinting
Quiche could be nice for parsing, we can then manipulate on the parsed values. It also has support for many drafts of... Emmanuel Thompson

07/13/2020

08:32 PM Suricata Feature #3440: Add QUIC Protocol Analysis and CYU Fingerprinting
I can look into this. Here's what I'm thinking:
QUIC AppLayer
Parser: Rust
- Look at using https://github.com/...
Emmanuel Thompson

05/20/2020

06:37 PM Suricata Bug #3720: Incorrect handling of ASN1 relative_offset keyword
https://github.com/OISF/suricata/pull/4966 Emmanuel Thompson
06:24 PM Suricata Bug #3720 (Closed): Incorrect handling of ASN1 relative_offset keyword
The relative_offset keyword option allows reading past the front of the buffer with a negative offset, no bounds chec... Emmanuel Thompson

05/19/2020

02:19 PM Suricata Optimization #2977: replace asn1 parser with rust based implementation
Draft PR: https://github.com/OISF/suricata/pull/4954 Emmanuel Thompson
02:14 PM Suricata Bug #3628: Incorrect ASN.1 long form length parsing
https://github.com/OISF/suricata/pull/4798 Emmanuel Thompson
02:13 PM Suricata Bug #3628: Incorrect ASN.1 long form length parsing
PR: Emmanuel Thompson

04/09/2020

03:50 PM Suricata Bug #3628 (Closed): Incorrect ASN.1 long form length parsing
Currently the definite long form is parsed as an additive length. This
https://github.com/OISF/suricata/blob/suric...
Emmanuel Thompson
