Project

General

Profile

Actions
Copy link

Bug #5110

closed
JL VJ

Optimization #5076: keyword content does not work over reassembled TCP

keyword content does not work over reassembled TCP (6.0.x backport)

Bug #5110: keyword content does not work over reassembled TCP (6.0.x backport)

Added by Jeff Lucovsky about 4 years ago. Updated almost 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Victor Julien
Target version:
6.0.15
Affected Versions:
6.0.4
Effort:
Difficulty:
Label:

Description

Using rule
alert ip any any -> any any (content:"HTTP/2.loc"; sid:11;)

on attached pcap

with stream.reassembly.toserver-chunk-size=25

does not trigger an alert

It does trigger the alert without the setting.

I fear we might have an evasion if I split the packets over the default value of 2560...

JL Updated by Jeff Lucovsky about 4 years ago Actions
Copy link
 #1

  • Copied from Optimization #5076: keyword content does not work over reassembled TCP added

VJ Updated by Victor Julien about 4 years ago Actions
Copy link
 #2

  • Target version changed from 6.0.5 to 6.0.6

JL Updated by Jeff Lucovsky almost 4 years ago Actions
Copy link
 #3

  • Parent task set to #5076

JL Updated by Jeff Lucovsky almost 4 years ago Actions
Copy link
 #4

  • Subject changed from keyword content does not work over reassembled TCP to keyword content does not work over reassembled TCP (6.0.x backport)

VJ Updated by Victor Julien almost 4 years ago Actions
Copy link
 #5

  • Target version changed from 6.0.6 to 6.0.7

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #6

  • Target version changed from 6.0.7 to 6.0.8

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #7

  • Target version changed from 6.0.8 to 6.0.9

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #8

  • Target version changed from 6.0.9 to 6.0.10

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #9

  • Target version changed from 6.0.10 to 6.0.11

SB Updated by Shivani Bhardwaj about 3 years ago Actions
Copy link
 #10

  • Assignee changed from Shivani Bhardwaj to Victor Julien

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
 #11

  • Target version changed from 6.0.11 to 6.0.12

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #12

  • Target version changed from 6.0.12 to 6.0.13

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #13

  • Target version changed from 6.0.13 to 6.0.14

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #14

  • Target version changed from 6.0.14 to 6.0.15

PA Updated by Philippe Antoine almost 3 years ago Actions
Copy link
 #15

  • Status changed from Assigned to Rejected

I do not think we will fix that in 7 soon...
So closing the backport to 6 until there is a fix in master

Actions
Copy link

Also available in: PDF Atom