[Oisf-devel] SCTP chucks

Victor Julien victor at inliniac.net
Fri Mar 18 08:52:48 UTC 2016


On 17-03-16 11:50, Alexandre De Oliveira wrote:
> I've been using Suricata for quite some time, and since I'm really interested
> in telecom security I need to handle packets using the SCTP transport layer.
> 
> One of the optimisations of SCTP is that you have chunking of data
> payloads on the same IP/SCTP packet. The issue is when I'm getting the
> packets from Suricata to analyse them with LuaJIT for example, I'm
> getting full packets and I need to dechunk them myself in LuaJIT, which
> is not the best in terms of performance/memory usage.
> 
> Do you think it's possible that Suricata could dechunk packets directly
> at the SCTP parsing level and allow getting the chunk payloads in a
> "list" directly from LuaJIT?

Currently the SCTP support in Suricata is very limited. We're not
parsing the chunks. So at this moment it's not possible.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
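
Added example, not part of either message and not Suricata code: a bounds-checked C walk over the chunks of one SCTP packet (common header and chunk layout per RFC 4960) that returns the DATA chunk payloads as the "list" the question asks for. The names `sctp_dechunk`, `struct sctp_payload` and `sample_pkt` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCTP_COMMON_HDR 12 /* ports, verification tag, checksum */
#define SCTP_CHUNK_HDR   4 /* type, flags, length */
#define SCTP_DATA_HDR   16 /* chunk header + TSN, stream id, stream seq, PPID */
struct sctp_payload { const uint8_t *data; size_t len; uint32_t ppid; }; /* hypothetical */

/* Collect the user payload of every DATA chunk (type 0) in one SCTP packet.
 * Returns the number stored in out[] (at most max_out), or -1 if malformed. */
int sctp_dechunk(const uint8_t *pkt, size_t pkt_len, struct sctp_payload *out, int max_out)
{
    if (pkt_len < SCTP_COMMON_HDR) return -1;
    size_t off = SCTP_COMMON_HDR;
    int n = 0;
    while (off + SCTP_CHUNK_HDR <= pkt_len) {
        const uint8_t *c = pkt + off;
        size_t clen = ((size_t)c[2] << 8) | c[3];   /* includes header, excludes padding */
        if (clen < SCTP_CHUNK_HDR || clen > pkt_len - off) return -1;
        if (c[0] == 0) {
            if (clen < SCTP_DATA_HDR) return -1;    /* too short for the fixed DATA fields */
            if (n == max_out) return n;             /* out[] is full */
            out[n].data = c + SCTP_DATA_HDR;        /* points into pkt, no copy */
            out[n].len  = clen - SCTP_DATA_HDR;
            out[n].ppid = (uint32_t)c[12] << 24 | (uint32_t)c[13] << 16 | (uint32_t)c[14] << 8 | c[15];
            n++;
        }
        off += (clen + 3) & ~(size_t)3; /* chunks are 4-byte aligned; overshoot ends the loop */
    }
    return n;
}

/* Constructed sample packet: DATA("abc"), SACK, DATA("wxyz"); checksum left zero. */
static const uint8_t sample_pkt[] = {
    0x0b,0x59,0x0b,0x59, 0,0,0,1, 0,0,0,0,
    0,3,0,19, 0,0,0,1, 0,0,0,0, 0,0,0,3, 'a','b','c',0,
    3,0,0,16, 0,0,0,1, 0,0,0x10,0, 0,0,0,0,
    0,3,0,20, 0,0,0,2, 0,0,0,1, 0,0,0,3, 'w','x','y','z',
};

int main(void)
{
    struct sctp_payload p[8];
    int n = sctp_dechunk(sample_pkt, sizeof sample_pkt, p, 8);
    for (int i = 0; i < n; i++)
        printf("payload %d: ppid=%u len=%zu\n", i, (unsigned)p[i].ppid, p[i].len);
    return n == 2 ? 0 : 1;
}
```

The checksum is not verified and fragmented user messages (B/E flags) are not reassembled; each DATA chunk is returned as it appears in the packet.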



