[Oisf-devel] SCTP chucks
Alexandre De Oliveira
mail at alexandredeoliveira.fr
Thu Mar 17 10:50:28 UTC 2016
Hello guys,
I'm using suricata for quite some time, and since I'm really interested in
telecom security I need to handle packets using SCTP transport layer.
One of the optimisation of SCTP is that you have chunking of data payloads
on the same IP/SCTP packet. The issue is when I'm getting the packets from
suricata to analyse them with LuaJIT for example, I'm getting full packets
and I need to dechunk them myself on LuaJIT which is not the best in term
of performance/memory usage.
Do you think it's possible that suricata could dechunk packet directly at
the SCTP parsing level and allow to get the chuck payloads in a "list"
directly from LuaJIT ?
Thank you again for your work on Suricata :)
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20160317/11eae458/attachment.html>
More information about the Oisf-devel
mailing list