Project

General

Profile

Actions

Bug #2169

closed

dns/tcp: reponse traffic leads to 'app_proto_tc: failed'

Added by Victor Julien over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Triggers "SURICATA Applayer Mismatch protocol both directions"

Tested with Rust, can provide pcap offline.

Actions #1

Updated by Victor Julien about 5 years ago

Only happens with Rust it seems.

Actions #2

Updated by Jason Ish about 5 years ago

This occurs when the probe function is called without all the data for the request or response. For TCP, the probe will fail if the amount of data is less than the length specified in the header.

The fix is to just remove this check. Strip the length, and if data is left pass to the normal probe function that will fail if there is not enough data to complete the probe.

Actions #3

Updated by Jason Ish about 5 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0.0
Actions

Also available in: Atom PDF