Bug #1518

closed

multitenancy - selector vlan - vlan id range

Added by Peter Manev over 8 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal

Description

Using latest git - Suricata version 2.1dev (rev 834c366)

Vlan id -6000 is indeed an invalid vlan range

[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1917) <Info> (DetectEngineMultiTenantSetup) -- selector vlan
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1931) <Info> (DetectEngineMultiTenantSetup) -- multi-detect is enabled (multi tenancy). Selector: vlan
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- vlan 1 666
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 1 666 registered
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- *vlan 2 -6000*
[2470] 26/7/2015 -- 19:40:05 - (util-byte.c:231) <Error> (ByteExtractStringUint16) -- [ERRCODE: SC_ERR_NUMERIC_VALUE_ERANGE(61)] - Numeric value out of range (18446744073709545616 > 65535)
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1963) <Error> (DetectEngineMultiTenantSetup) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - vlan-id  of -6000 is invalid
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 1, /etc/suricata/tenant-1.yaml
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 2, /etc/suricata/tenant-2.yaml
[2472] 26/7/2015 -- 19:40:05 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 1

So is vlan id 6000 - but this one passes through:

[2556] 26/7/2015 -- 19:42:26 - (detect-engine-loader.c:128) <Info> (DetectLoadersInit) -- using 2 detect loader threads
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1917) <Info> (DetectEngineMultiTenantSetup) -- selector vlan
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1931) <Info> (DetectEngineMultiTenantSetup) -- multi-detect is enabled (multi tenancy). Selector: vlan
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- vlan 1 666
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 1 666 registered
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- *vlan 2 6000*
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 2 6000 registered
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 1, /etc/suricata/tenant-1.yaml
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 2, /etc/suricata/tenant-2.yaml
[2557] 26/7/2015 -- 19:42:26 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 0
[2558] 26/7/2015 -- 19:42:26 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 1

Only valid vlan id ranges should be considered in the selector vlan mode.
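The two log excerpts above, reproduced as an added example (not Suricata's code and not part of the original report): a parser that only requires the value to fit in a uint16 rejects -6000 because the unsigned conversion wraps to 18446744073709545616, yet accepts 6000, while a check against the 12-bit 802.1Q field rejects both. The function names are hypothetical, and the usable range 1-4094 is an assumption taken from 802.1Q, where 0 and 4095 are reserved.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: usable 802.1Q VLAN IDs are 1..4094 (12-bit field, 0 and 4095 reserved). */
#define VLAN_ID_MIN 1
#define VLAN_ID_MAX 4094

/* Hypothetical model of the behaviour seen in the logs: parse as unsigned,
 * then only require that the value fits in a uint16_t. Returns 0 on success. */
int parse_vlan_uint16_only(const char *s, uint16_t *out)
{
    char *end = NULL;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10); /* "-6000" wraps to 2^64 - 6000 */
    if (errno != 0 || end == s || *end != '\0' || v > UINT16_MAX)
        return -1;
    *out = (uint16_t)v;
    return 0;
}

/* Strict check: leading digit required, no trailing junk, value in 1..4094. */
int parse_vlan_strict(const char *s, uint16_t *out)
{
    if (s == NULL || *s < '0' || *s > '9') /* rejects "", "-6000", "+5", " 5" */
        return -1;
    char *end = NULL;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < VLAN_ID_MIN || v > VLAN_ID_MAX)
        return -1;
    *out = (uint16_t)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "666", "6000", "-6000", "0", "4095" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint16_t v = 0;
        printf("%-6s uint16-only=%-6s strict=%s\n", samples[i],
               parse_vlan_uint16_only(samples[i], &v) == 0 ? "accept" : "reject",
               parse_vlan_strict(samples[i], &v) == 0 ? "accept" : "reject");
    }
    return 0;
}
```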
