Open Information Security Foundation (https://redmine.openinfosecfoundation.org/)
Suricata - Bug #180: no alert with ip proto GRE on suricata today git and v0.9.1
https://redmine.openinfosecfoundation.org/issues/180?journal_id=660
2010-06-18T07:41:39Z Victor Julien (victor@inliniac.net)
<ul><li><strong>Due date</strong> set to <i>06/22/2010</i></li><li><strong>Assignee</strong> set to <i>OISF Dev</i></li><li><strong>Target version</strong> set to <i>0.9.3</i></li><li><strong>Estimated time</strong> set to <i>2.50 h</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=692
2010-06-25T01:46:51Z Victor Julien (victor@inliniac.net)
<ul><li><strong>Due date</strong> changed from <i>06/22/2010</i> to <i>06/28/2010</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Pablo Rincon</i></li><li><strong>Target version</strong> changed from <i>0.9.3</i> to <i>1.0.0</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=744
2010-07-01T05:32:19Z Victor Julien (victor@inliniac.net)
<ul><li><strong>Due date</strong> changed from <i>06/28/2010</i> to <i>07/06/2010</i></li><li><strong>Target version</strong> changed from <i>1.0.0</i> to <i>1.0.1</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=803
2010-07-21T16:24:27Z rmkml rmkml (rmkml@yahoo.fr)
<p>Hi,<br />I have tested with git today and same no alert,<br />But I have a decode-event alert: gre.wrong_version.<br />It's true on joined pcap file, but why no alert on simple sigs please?<br />Regards<br />Rmkml</p>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=809
2010-07-22T07:33:04Z Victor Julien (victor@inliniac.net)
<p>It seems the issue is that we set the protocol only for valid packets, while here the gre part of the packet seems invalid. This behavior seems incompatible with Snort.</p>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=816
2010-07-23T10:20:23Z Pablo Rincon (pablo.rincon.crespo@gmail.com)
<ul><li><strong>File</strong> <a href="/attachments/304">0001-Fix-for-bug-180-check-proto-specified-at-the-IP-hdr.patch</a> added</li></ul><p>This patch should fix the issue to be compat, checking the proto at the ip hdr instead of p-&gt;proto (that is not set on invalid packets).</p>
https://redmine.openinfosecfoundation.org/issues/180?journal_id=817
2010-07-25T06:48:14Z Victor Julien (victor@inliniac.net)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Patch applied, thanks Pablo. Commit 70bda6506db84ff33e51520f09b956c3cd648cc1</p>
<p>Fixed the unittests that were broken after this to use the unittest helper functions.</p>
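<p>A simplified C model of the behavior discussed in this thread, added here as an illustration; it is not Suricata's code or the attached patch. The Packet struct, the function names and the sample bytes are constructed for this example, and only the GRE path is modelled: a match on the decoder-set protocol field misses a packet whose GRE header fails validation, while a match on the IP header's protocol byte still fires.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PROTO_GRE = 47 };    /* IANA protocol number for GRE */

/* Hypothetical packet record for this example, not Suricata's Packet struct. */
typedef struct {
    const uint8_t *ip4h;    /* raw IPv4 header, set once the IP layer decodes */
    uint8_t proto;          /* set only when the upper-layer decode succeeds */
    int gre_wrong_version;  /* models the gre.wrong_version decode event */
} Packet;

/* GRE version: low 3 bits of the second header byte; this model accepts 0 and 1. */
static int decode_gre(Packet *p, const uint8_t *gre, size_t len) {
    if (len < 4) return -1;
    if ((gre[1] & 0x07) > 1) { p->gre_wrong_version = 1; return -1; }
    p->proto = PROTO_GRE;   /* reached for valid GRE only */
    return 0;
}

/* Only the GRE path is modelled; other protocols are left undecoded. */
static int decode_ipv4(Packet *p, const uint8_t *buf, size_t len) {
    memset(p, 0, sizeof(*p));
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    p->ip4h = buf;
    return buf[9] == PROTO_GRE ? decode_gre(p, buf + hlen, len - hlen) : 0;
}

/* Before the fix: the match trusts the decoder-set field. */
static int match_before(const Packet *p, uint8_t want) { return p->proto == want; }
/* After the fix: the match reads the protocol byte (offset 9) of the IP header. */
static int match_after(const Packet *p, uint8_t want) { return p->ip4h && p->ip4h[9] == want; }

/* Constructed sample: 20-byte IPv4 header (proto 47) plus a 4-byte GRE header. */
static void build_sample(uint8_t out[24], uint8_t gre_version) {
    static const uint8_t ip[20] = {0x45,0,0,24, 0,0,0,0, 64,PROTO_GRE,0,0, 10,0,0,1, 10,0,0,2};
    memcpy(out, ip, sizeof ip);
    out[20] = 0; out[21] = gre_version & 0x07; out[22] = 0x08; out[23] = 0x00;
}

int main(void) {
    Packet p; uint8_t pkt[24];
    build_sample(pkt, 7);   /* GRE version 7: the decoder rejects it */
    decode_ipv4(&p, pkt, sizeof pkt);
    printf("event=%d before=%d after=%d\n", p.gre_wrong_version, match_before(&p, PROTO_GRE), match_after(&p, PROTO_GRE));
    return 0;
}
```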