Project

General

Profile

Actions
Copy link

Bug #2169

closed
VJ JI

dns/tcp: reponse traffic leads to 'app_proto_tc: failed'

Bug #2169: dns/tcp: reponse traffic leads to 'app_proto_tc: failed'

Added by Victor Julien almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
4.0.0
Affected Versions:
Effort:
Difficulty:
Label:

Description

Triggers "SURICATA Applayer Mismatch protocol both directions"

Tested with Rust, can provide pcap offline.

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #1

Only happens with Rust it seems.

JI Updated by Jason Ish over 8 years ago Actions
Copy link
 #2

This occurs when the probe function is called without all the data for the request or response. For TCP, the probe will fail if the amount of data is less than the length specified in the header.

The fix is to just remove this check. Strip the length, and if data is left pass to the normal probe function that will fail if there is not enough data to complete the probe.

JI Updated by Jason Ish over 8 years ago Actions
Copy link
 #3

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0.0
Actions
Copy link

Also available in: PDF Atom