Bug #3385
Status: closed
fast-log: icmp type prints wrong value (4.1.x)
Description
Fast log prints Packet::sp and Packet::dp, but these are unions:
    union {
        Port sp;
        // icmp type and code of this packet
        struct {
            uint8_t type;
            uint8_t code;
        } icmp_s;
    };
    union {
        Port dp;
        // icmp type and code of the expected counterpart (for flows)
        struct {
            uint8_t type;
            uint8_t code;
        } icmp_d;
    };
So printing Packet::sp or dp for ICMP does not give the correct results.
E.g. from et-sigs:
10/18/2019-13:06:01.032939 [Drop] [**] [1:2200076:2] SURICATA ICMPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {ICMP} 60.191.38.77:771 -> 192.168.69.246:0
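Added example, not part of the original report or Suricata's code: a reduced C model of the two unions, showing why an ICMP packet with type 3 and code 3 is printed as "port" 771, and how to read type and code back out of a value that was already logged that way. `DemoPacket`, `is_icmp` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef uint16_t Port;

/* Hypothetical stand-in: only the two unions quoted above, not Suricata code. */
typedef struct {
    uint8_t is_icmp;                      /* assumption: 1 = ICMP packet */
    union { Port sp; struct { uint8_t type, code; } icmp_s; };
    union { Port dp; struct { uint8_t type, code; } icmp_d; };
} DemoPacket;

/* Build a constructed ICMP packet; icmp_d stays zeroed. */
DemoPacket make_icmp(uint8_t type, uint8_t code) {
    DemoPacket p = { .is_icmp = 1 };
    p.icmp_s.type = type;
    p.icmp_s.code = code;
    return p;
}

/* Port-style formatting: reads sp/dp whatever the protocol is. */
int format_as_ports(const DemoPacket *p, char *out, size_t n) {
    return snprintf(out, n, ":%u -> :%u", (unsigned)p->sp, (unsigned)p->dp);
}

/* Protocol-aware formatting: reads the union member that was written. */
int format_by_proto(const DemoPacket *p, char *out, size_t n) {
    if (p->is_icmp)
        return snprintf(out, n, "type %u code %u",
                        (unsigned)p->icmp_s.type, (unsigned)p->icmp_s.code);
    return format_as_ports(p, out, n);
}

/* Recover type/code from a "port" already written to a log. Assumes this
 * host has the same byte order as the sensor that produced the log. */
void decode_logged_port(Port logged, uint8_t *type, uint8_t *code) {
    uint8_t raw[sizeof logged];
    memcpy(raw, &logged, sizeof raw);     /* same bytes the union overlays */
    *type = raw[0];
    *code = raw[1];
}

int main(void) {
    char a[32], b[32];
    DemoPacket p = make_icmp(3, 3);       /* constructed sample */
    format_as_ports(&p, a, sizeof a);
    format_by_proto(&p, b, sizeof b);
    printf("ports: %s\nproto: %s\n", a, b);
    return 0;
}
```

When reviewing older fast.log entries for ICMP alerts, treat the value after the source address as two packed bytes rather than a port.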
Updated by Victor Julien about 5 years ago
- Copied from Bug #3266: fast-log: icmp type prints wrong value added
Updated by Victor Julien about 5 years ago
- Status changed from New to Closed