Bug #5081

closed

detect/iponly: rule parsing does not always apply netmask correctly

Added by Victor Julien about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 5.0, Needs backport to 6.0

Description

If the ipaddress is not the address range start, it's not masked to turn it into that. So 1.2.3.4/24 is not stored as address 1.2.3.0 with netmask 24, but as 1.2.3.4 with netmask 24. This is then propagated into the radix tree, where it is used as an exact key in exact lookups, giving unexpected results.
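
A minimal C model of the behaviour described above, added here as an illustration; it is not Suricata's code. The `net_key` struct, `parse_cidr`, `key_matches` and the mask-then-compare lookup are assumptions standing in for the rule parser and the radix tree's exact lookup.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a radix tree entry: an (address, prefix) key. */
struct net_key { uint32_t addr; int prefix; };

static uint32_t prefix_mask(int prefix)
{
    /* prefix 0 is handled separately: shifting a 32-bit value by 32 is undefined */
    return prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
}

/* Parse "a.b.c.d/n". With apply_mask == 0 the host bits are kept (the
 * behaviour described in the report); with apply_mask != 0 the address is
 * reduced to the range start. Returns 0 on success, -1 on bad input. */
int parse_cidr(const char *s, int apply_mask, struct net_key *out)
{
    unsigned a, b, c, d; int n; char tail;
    if (sscanf(s, "%u.%u.%u.%u/%d%c", &a, &b, &c, &d, &n, &tail) != 5)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255 || n < 0 || n > 32)
        return -1;
    out->addr = (a << 24) | (b << 16) | (c << 8) | d;
    out->prefix = n;
    if (apply_mask)
        out->addr &= prefix_mask(n);
    return 0;
}

/* Model of the lookup: mask the packet address to the entry's prefix
 * length and compare it with the stored key exactly. */
int key_matches(const struct net_key *k, uint32_t pkt_ip)
{
    return (pkt_ip & prefix_mask(k->prefix)) == k->addr;
}

int main(void)
{
    struct net_key raw, fixed;
    uint32_t pkt = (1u << 24) | (2u << 16) | (3u << 8) | 77; /* constructed: 1.2.3.77 */
    parse_cidr("1.2.3.4/24", 0, &raw);
    parse_cidr("1.2.3.4/24", 1, &fixed);
    printf("unmasked key: match=%d\n", key_matches(&raw, pkt));
    printf("masked key:   match=%d\n", key_matches(&fixed, pkt));
    return 0;
}
```

In this model the unmasked key matches no packet address at all, including 1.2.3.4 itself, because the lookup side always compares a masked value.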


Related issues 7 (0 open, 7 closed)

Related to Suricata - Bug #5066: detect/iponly: mixing netblocks can lead to FN/FP (Closed, Victor Julien)
Related to Suricata - Bug #5086: htp: server personality radix handling issue (Closed, Victor Julien)
Related to Suricata - Bug #5084: iprep: cidr support can set up radix incorrectly (Closed, Victor Julien)
Related to Suricata - Bug #5085: defrag: policy config can setup radix incorrectly (Closed, Victor Julien)
Related to Suricata - Bug #5168: detect/iponly: non-cidr netmask settings can lead incorrect detection (Closed, Victor Julien)
Copied to Suricata - Bug #5106: detect/iponly: rule parsing does not always apply netmask correctly (Closed, Victor Julien)
Copied to Suricata - Bug #5107: detect/iponly: rule parsing does not always apply netmask correctly (Closed, Jeff Lucovsky)

#1

Updated by Victor Julien about 2 years ago

  • Related to Bug #5066: detect/iponly: mixing netblocks can lead to FN/FP added

#2

Updated by Victor Julien about 2 years ago

  • Related to Bug #5086: htp: server personality radix handling issue added

#3

Updated by Victor Julien about 2 years ago

  • Related to Bug #5084: iprep: cidr support can set up radix incorrectly added

#4

Updated by Victor Julien about 2 years ago

  • Related to Bug #5085: defrag: policy config can setup radix incorrectly added

#5

Updated by Victor Julien about 2 years ago

  • Status changed from Assigned to Closed

#6

Updated by Jeff Lucovsky about 2 years ago

  • Copied to Bug #5106: detect/iponly: rule parsing does not always apply netmask correctly added

#7

Updated by Jeff Lucovsky about 2 years ago

  • Copied to Bug #5107: detect/iponly: rule parsing does not always apply netmask correctly added

#8

Updated by Victor Julien about 2 years ago

  • Related to Bug #5168: detect/iponly: non-cidr netmask settings can lead incorrect detection added