Project

General

Profile

Actions

Bug #4940

open

ftp-data: protocol misclassification if the file begins with a protocol pattern

Added by Philippe Antoine about 3 years ago. Updated 27 days ago.

Status:
New
Priority:
Low
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

As the expectation part of protocol detection runs only if there was no pattern found...


Related issues 1 (0 open1 closed)

Related to Suricata - Security #4857: ftp: SEGV at flow cleanup due to protocol confusionClosedPhilippe AntoineActions
Actions #1

Updated by Philippe Antoine about 3 years ago

  • Related to Security #4857: ftp: SEGV at flow cleanup due to protocol confusion added
Actions #2

Updated by Victor Julien almost 2 years ago

  • Assignee set to Philippe Antoine
  • Target version set to TBD
Actions #3

Updated by Philippe Antoine 27 days ago

I wonder if expectation could run first, as we could have information of ippair in the flow and see if this ippair has a FTP flow...

Side note : we also have the problem of ftp-data being missed when load balancing gets it in another core, and is processed sooner than the FTP packets giving the port for the ftp-data flow)

Actions

Also available in: Atom PDF