Feature #261
closedflow option "only_stream"
Description
invalid flow option "only_stream"
Example:
[9838] 20/12/2010 -- 11:50:19 - (detect-flow.c:259) <Error> (DetectFlowParse) -- [ERRCODE: SC_ERR_INVALID_VALUE(128)] - invalid flow option "only_stream"
[9838] 20/12/2010 -- 11:50:19 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-MISC Microsoft Internet Explorer 7 html object memory corruption attempt"; flow:to_client, established, only_stream; content:"HTTP/1.1 304 Not Modified"; content:"HTTP/1.1 304 Not Modified"; distance:0; detection_filter:track by_src, count 20, seconds 1; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:cve,2007-0947; classtype:misc-activity; sid:16008; rev:5;)" from file /etc/suricata/rules/web-misc.rules at line 612
Files
VJ Updated by Victor Julien about 15 years ago
What does this option do?
VJ Updated by Victor Julien about 15 years ago
- Status changed from New to Feedback
- Assignee set to Peter Manev
PM Updated by Peter Manev about 15 years ago
- File OnlyStream.bmp OnlyStream.bmp added
Victor Julien wrote:
What does this option do?
It gets triggered on reconstructed packets or packets that are only within an established stream.
(flow option sub spec)
VJ Updated by Victor Julien over 14 years ago
- Status changed from Feedback to Closed
- Assignee changed from Peter Manev to Victor Julien
- Target version set to 1.2
- % Done changed from 0 to 100
Implemented this.
VJ Updated by Victor Julien over 14 years ago
- Target version changed from 1.2 to 1.2rc1