Actions
Bug #2169
closeddns/tcp: reponse traffic leads to 'app_proto_tc: failed'
Affected Versions:
Effort:
Difficulty:
Label:
Description
Triggers "SURICATA Applayer Mismatch protocol both directions"
Tested with Rust, can provide pcap offline.
Updated by Jason Ish about 7 years ago
This occurs when the probe function is called without all the data for the request or response. For TCP, the probe will fail if the amount of data is less than the length specified in the header.
The fix is to just remove this check. Strip the length, and if data is left pass to the normal probe function that will fail if there is not enough data to complete the probe.
Updated by Jason Ish about 7 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.0.0
Actions