Project

General

Profile

Actions

Bug #5072

closed

detect/ip_proto: inconsistent behavior when specifying protocol by string

Added by Victor Julien over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0

Description

ip_proto:TCP will use getprotobyname, which may not work depending on the OS. E.g. in a docker Alpine it fails. We should probably just use a built-in table.


Related issues 3 (0 open3 closed)

Related to Suricata - Bug #4267: output: don't use /etc/protocolsClosedJeff LucovskyActions
Copied to Suricata - Bug #5114: detect/ip_proto: inconsistent behavior when specifying protocol by stringClosedShivani BhardwajActions
Copied to Suricata - Bug #5115: detect/ip_proto: inconsistent behavior when specifying protocol by stringClosedJeff LucovskyActions
Actions

Also available in: Atom PDF