[Oisf-devel] SCTP chucks

Alexandre De Oliveira mail at alexandredeoliveira.fr
Thu Mar 17 10:50:28 UTC 2016

Hello guys,

I'm using suricata for quite some time, and since I'm really interested in
telecom security I need to handle packets using SCTP transport layer.

One of the optimisation of SCTP is that you have chunking of data payloads
on the same IP/SCTP packet. The issue is when I'm getting the packets from
suricata to analyse them with LuaJIT for example, I'm getting full packets
and I need to dechunk them myself on LuaJIT which is not the best in term
of performance/memory usage.

Do you think it's possible that suricata could dechunk packet directly at
the SCTP parsing level and allow to get the chuck payloads in a "list"
directly from LuaJIT ?

Thank you again for your work on Suricata :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20160317/11eae458/attachment.html>

More information about the Oisf-devel mailing list