<p>Open Information Security Foundation (https://redmine.openinfosecfoundation.org/)</p>
<p>Suricata - Bug #1161: eve: src and dst mixed up in some cases<br />https://redmine.openinfosecfoundation.org/issues/1161?journal_id=4203<br />2014-04-02T06:47:19Z, Christophe Vandeplas, christophe@vandeplas.com</p>
<p>Here's my analysis and remarks with the different event_types and the patch from <a class="external" href="https://github.com/inliniac/suricata/pull/915">https://github.com/inliniac/suricata/pull/915</a></p>
<p>http - src/dst switched => Patch OK <br />http - length = is this the size from client to server or from server to client? What about the other one? In HTTP POST (for example) it's important to know client-to-server.</p>
<p>fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use<br />fileinfo - toclient - src/dst switched => Patch OK</p>
<p>dns - type:query - src/dst switched => Patch OK<br />dns - type:answer - src/dst correct => Patch ERROR</p>
<p>Suricata - Bug #1161: eve: src and dst mixed up in some cases<br />https://redmine.openinfosecfoundation.org/issues/1161?journal_id=4294<br />2014-04-23T06:43:37Z, Victor Julien, victor@inliniac.net</p>
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>High</i></li></ul>
<p>Suricata - Bug #1161: eve: src and dst mixed up in some cases<br />https://redmine.openinfosecfoundation.org/issues/1161?journal_id=4298<br />2014-05-06T08:01:10Z, Victor Julien, victor@inliniac.net</p>
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Merged <a class="external" href="https://github.com/inliniac/suricata/pull/965">https://github.com/inliniac/suricata/pull/965</a></p>