Project

General

Profile

Actions
Copy link

Bug #3914

closed

Protocol detection gets not retries on protocol change if there is not enough data

Added by Philippe Antoine over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.0rc1
Affected Versions:
4.1.8, 5.0.3, 6.0.0beta1
Effort:
Difficulty:
Label:

Description

Fix is part of https://github.com/OISF/suricata/pull/5380 : https://github.com/OISF/suricata/pull/5380/commits/a65432cba8abf0a6324992e2d029158ac5c42e33

Suricata-Verify test is based on unit test HTPParserTest18 which runs the inputs

c2s CONNECT abc:443 HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
c2s GE
c2s T / HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n

After successful connect, we look for a new protocol.
But HTTP detection does not work because the input is too small for a decision

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #3920: http: suricata-verify test broken for 5.0.x with libhtp 0.5.34ClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Victor Julien over 3 years ago

  • Assignee set to Philippe Antoine
Actions
Copy link
 #3

Updated by Victor Julien over 3 years ago

  • Affected Versions 5.0.3, 6.0.0beta1 added
Actions
Copy link
 #4

Updated by Philippe Antoine over 3 years ago

  • Related to Bug #3920: http: suricata-verify test broken for 5.0.x with libhtp 0.5.34 added
Actions
Copy link
 #5

Updated by Victor Julien over 3 years ago

  • Label deleted (Needs backport, Needs backport to 4.1, Needs backport to 5.0)

Backport tracking through #3920.

Actions
Copy link

Also available in: Atom PDF