lib: callback on tcp data #6247
Closed
letting the callback decide if suricata proceeds further
Codecov Report
@@ Coverage Diff @@
## master #6247 +/- ##
==========================================
- Coverage 76.94% 76.94% -0.01%
==========================================
Files 611 611
Lines 186146 186146
==========================================
- Hits 143236 143227 -9
- Misses 42910 42919 +9
Not too keen on the compile time option. In the bigger picture of a
Continued in #6252
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 3, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 3, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 8, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 8, 2023: Switch to DetectParseRegex and use a local pcre2_match_data to avoid concurrency issues. Bug: OISF#6247.
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 11, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
victorjulien added a commit to victorjulien/suricata that referenced this pull request, Aug 11, 2023: Switch to DetectParseRegex and use a local pcre2_match_data to avoid concurrency issues. Bug: OISF#6247.
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request, Aug 14, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
jlucovsky pushed a commit to jlucovsky/suricata that referenced this pull request, Aug 14, 2023: Switch to DetectParseRegex and use a local pcre2_match_data to avoid concurrency issues. Bug: OISF#6247.
yatink pushed a commit to yatink/suricata that referenced this pull request, Aug 19, 2023: Fixes multi-tenant multi-loader crashes. Bug: OISF#6247.
yatink pushed a commit to yatink/suricata that referenced this pull request, Aug 19, 2023: Switch to DetectParseRegex and use a local pcre2_match_data to avoid concurrency issues. Bug: OISF#6247.
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4431
Describe changes:
AppLayerHandleTCPData) to be used in libsuricata
Built with export CFLAGS=-DLIBSURICATA_BUILD=1
Ngrep POC is available at https://github.com/catenacyber/ngrep-libsuricata
The other alternative I see to have some ngrep over libsuricata, benefiting from suricata TCP reassembly, is to have a big architectural change in the tcp reassembly to have sequentially tcp reassembly, then app-layer processing on data supplied by tcp reassembly, i.e. to call AppLayerHandleTCPData (or StreamTcpReassembleAppLayer) directly from FlowWorker after FlowWorkerStreamTCPUpdate, instead of having AppLayerHandleTCPData getting called in a 9-deep functions stack
This alternative is complex, and should also take into account the fact that suricata TCP reassembly depends on app-layer processing (sic !) for the case with a request like GOT / HTTP/1.1 (not GET) and response like HTTP/1.1 200 OK where protocol detection recognizes HTTP1 in the response (and nothing in the request), but then wants to parse the HTTP1-ish request before parsing the response. cf AppLayerTest05