Actions
Bug #3914
closedProtocol detection gets not retries on protocol change if there is not enough data
Affected Versions:
Effort:
Difficulty:
Label:
Description
Fix is part of https://github.com/OISF/suricata/pull/5380 : https://github.com/OISF/suricata/pull/5380/commits/a65432cba8abf0a6324992e2d029158ac5c42e33
Suricata-Verify test is based on unit test HTPParserTest18 which runs the inputs
c2s CONNECT abc:443 HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n c2s GE c2s T / HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
After successful connect, we look for a new protocol.
But HTTP detection does not work because the input is too small for a decision
Updated by Victor Julien over 4 years ago
- Status changed from In Review to Closed
Updated by Victor Julien over 4 years ago
- Affected Versions 5.0.3, 6.0.0beta1 added
Updated by Philippe Antoine over 4 years ago
- Related to Bug #3920: http: suricata-verify test broken for 5.0.x with libhtp 0.5.34 added
Updated by Victor Julien over 4 years ago
- Label deleted (
Needs backport, Needs backport to 4.1, Needs backport to 5.0)
Backport tracking through #3920.
Actions