Feature #4566
open
pgsql: add subprotocol-states
Description
In order to keep adding PostgreSQL support in Suricata, cover sub-protocol states:
- Extended query
- COPY operators
- Replication
- Function call
- Termination
Even though PostgreSQL refers to those as sub-protocols, to Suri, they're more like sub-states, where we'll expect to parse different sets of messages.
These could then be used in some Detect situations as well.
More details about each sub-protocol can be found in the official protocol documentation: https://www.postgresql.org/docs/13/protocol-flow.html
Updated by Juliana Fajardini Reichow over 3 years ago
- Assignee set to Juliana Fajardini Reichow
Updated by Juliana Fajardini Reichow over 3 years ago
- Related to Feature #4241: Protocol support: PostgreSQL (pgsql) added
Updated by Juliana Fajardini Reichow over 3 years ago
- Subject changed from Protocol support: PostgreSQL - add subprotocols to Protocol support: PostgreSQL - add subprotocol-states
- Description updated (diff)
Updating to better explain what sub-protocols meant, here.
Updated by Victor Julien over 3 years ago
- Subject changed from Protocol support: PostgreSQL - add subprotocol-states to pgsql: add subprotocol-states
Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Updated by Victor Julien 10 days ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Updated by Juliana Fajardini Reichow 2 days ago
Reading and re-reading https://www.postgresql.org/docs/13/protocol-flow.html#PROTOCOL-COPY, I wonder if this shouldn't be veered towards having different modes, that could then accept and process certain kinds of messages -- and if there is any difference in this, or just terminology. Maybe there is, because, for instance, both Simple Query and Extended Query are covered by the command-processing mode.
On the other hand, this may be a level of detail that is only important to the pgsql server to know, and not to Suri... (leaving these thoughts here to keep them saved)
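The sub-state idea from the description and the comment above, as an added example that is not part of this ticket or of Suricata's pgsql parser: each sub-state accepts only certain message type bytes, per direction, and anything else is flagged. The names `SubState`, `Dir`, `step` and `replay` are hypothetical; the type bytes are those of PostgreSQL protocol 3.0, and the example assumes startup/authentication has completed and that COPY is started from a simple query.

```rust
// Added illustration, not Suricata's parser. Simplified: startup/auth is skipped
// and every COPY is assumed to have been started from a simple query.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum SubState { Idle, SimpleQuery, ExtendedQuery, CopyIn, CopyOut, CopyBoth, FunctionCall, Terminated }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Dir { ToServer, ToClient }

/// Next sub-state for a message type byte, or None when that message is not
/// expected in the current sub-state (a candidate for an anomaly event).
pub fn step(state: SubState, dir: Dir, tag: u8) -> Option<SubState> {
    use self::{Dir::*, SubState::*};
    match (state, dir, tag) {
        (Terminated, _, _) => None,
        (_, ToServer, b'X') => Some(Terminated), // Terminate
        (Idle, ToServer, b'Q') => Some(SimpleQuery), // Query
        (Idle, ToServer, b'F') => Some(FunctionCall), // FunctionCall
        // Parse, Bind, Describe, Execute, Close, Flush, Sync
        (Idle | ExtendedQuery, ToServer, b'P' | b'B' | b'D' | b'E' | b'C' | b'H' | b'S') => Some(ExtendedQuery),
        // Direction matters: 'H' from the backend is CopyOutResponse, not Flush
        (SimpleQuery | ExtendedQuery, ToClient, b'G') => Some(CopyIn),
        (SimpleQuery | ExtendedQuery, ToClient, b'H') => Some(CopyOut),
        (SimpleQuery | ExtendedQuery, ToClient, b'W') => Some(CopyBoth),
        (SimpleQuery | ExtendedQuery | FunctionCall, ToClient, b'Z') => Some(Idle), // ReadyForQuery
        // RowDescription, DataRow, CommandComplete, ErrorResponse, EmptyQueryResponse, NoticeResponse
        (SimpleQuery | ExtendedQuery, ToClient, b'T' | b'D' | b'C' | b'E' | b'I' | b'N') => Some(state),
        // ParseComplete, BindComplete, CloseComplete, ParameterDescription, NoData, PortalSuspended
        (ExtendedQuery, ToClient, b'1' | b'2' | b'3' | b't' | b'n' | b's') => Some(state),
        (FunctionCall, ToClient, b'V' | b'E' | b'N') => Some(state), // FunctionCallResponse, error, notice
        // CopyData only from the side(s) the copy mode allows to send
        (CopyIn | CopyBoth, ToServer, b'd') | (CopyOut | CopyBoth, ToClient, b'd') => Some(state),
        (CopyIn, ToServer, b'c' | b'f') | (CopyOut, ToClient, b'c') => Some(SimpleQuery), // CopyDone, CopyFail
        (CopyIn | CopyOut | CopyBoth, ToClient, b'E') => Some(SimpleQuery), // backend aborted the copy
        (CopyBoth, ToServer, b'c') => Some(CopyOut), // client done, server may still send
        (CopyBoth, ToClient, b'c') => Some(CopyIn),  // server done, client may still send
        _ => None,
    }
}

/// Replays (direction, type byte) pairs from Idle; Err is the index of the first unexpected message.
pub fn replay(msgs: &[(Dir, u8)]) -> Result<SubState, usize> {
    msgs.iter().enumerate().try_fold(SubState::Idle, |st, (i, &(dir, tag))| step(st, dir, tag).ok_or(i))
}

fn main() {
    use self::Dir::*;
    // Constructed sample: COPY ... FROM STDIN via simple query, then Terminate.
    let copy_in = [(ToServer, b'Q'), (ToClient, b'G'), (ToServer, b'd'), (ToServer, b'c'),
                   (ToClient, b'C'), (ToClient, b'Z'), (ToServer, b'X')];
    println!("{:?}", replay(&copy_in));
}
```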