https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022010-08-06T07:46:09ZOpen Information Security FoundationSuricata - Bug #227: strange FP on suricata v101/100https://redmine.openinfosecfoundation.org/issues/227?journal_id=8412010-08-06T07:46:09ZWill Metcalfwilliam.metcalf@gmail.com
<ul><li><strong>Due date</strong> set to <i>08/20/2010</i></li><li><strong>Assignee</strong> set to <i>OISF Dev</i></li><li><strong>Target version</strong> set to <i>1.0.2</i></li><li><strong>Estimated time</strong> set to <i>2.50 h</i></li></ul><p>Confirmed and, Bizarre indeed. The second alert comes from packet <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Engine fails to work properly on ppc platform. (Closed)" href="https://redmine.openinfosecfoundation.org/issues/63">#63</a> in the pcap the rmkml provided to me which doesn't have HTTP server response in it whatsoever. It is part of the same tcp stream as the alert that should fire in packet <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: double free inside of DCERPCStateFree (Closed)" href="https://redmine.openinfosecfoundation.org/issues/69">#69</a>. Please contact me for a copy of the pcap.</p> Suricata - Bug #227: strange FP on suricata v101/100https://redmine.openinfosecfoundation.org/issues/227?journal_id=8842010-09-02T04:29:41ZVictor Julienvictor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>1.0.2</i> to <i>1.1beta1</i></li></ul> Suricata - Bug #227: strange FP on suricata v101/100https://redmine.openinfosecfoundation.org/issues/227?journal_id=9282010-10-27T07:59:23ZAnoop Saldanhaanoopsaldanha@gmail.com
<ul><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Anoop Saldanha</i></li></ul> Suricata - Bug #227: strange FP on suricata v101/100https://redmine.openinfosecfoundation.org/issues/227?journal_id=9292010-10-28T00:03:39ZAnoop Saldanhaanoopsaldanha@gmail.com
<ul><li><strong>File</strong> <a href="/attachments/332">0001-fix-for-bug-227.-For-negated-contents-that-have-been.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/332/0001-fix-for-bug-227.-For-negated-contents-that-have-been.patch">0001-fix-for-bug-227.-For-negated-contents-that-have-been.patch</a> added</li></ul><p>Attached a patch. We should see 2 alerts now irrespective of sid #2's presence.</p> Suricata - Bug #227: strange FP on suricata v101/100https://redmine.openinfosecfoundation.org/issues/227?journal_id=9302010-10-30T03:43:34ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied to my local tree. Thanks Anoop!</p>