Bug #4940
open
ftp-data: protocol misclassification if the file begins with a protocol pattern
Added by Philippe Antoine about 3 years ago.
Updated 29 days ago.
Description
As the expectation part of protocol detection runs only if there was no pattern found...
- Related to Security #4857: ftp: SEGV at flow cleanup due to protocol confusion added
- Assignee set to Philippe Antoine
- Target version set to TBD
I wonder if expectation could run first, as we could have information of ippair in the flow and see if this ippair has a FTP flow...
Side note : we also have the problem of ftp-data being missed when load balancing gets it in another core, and is processed sooner than the FTP packets giving the port for the ftp-data flow)
Also available in: Atom
PDF