Actions
Bug #5110
closedBug #5076: keyword content does not work over reassembled TCP
keyword content does not work over reassembled TCP (6.0.x backport)
Affected Versions:
Effort:
Difficulty:
Label:
Description
Using rulealert ip any any -> any any (content:"HTTP/2.loc"; sid:11;)
on attached pcap
with stream.reassembly.toserver-chunk-size=25
does not trigger an alert
It does trigger the alert without the setting.
I fear we might have an evasion if I split the packets over the default value of 2560...
Updated by Jeff Lucovsky almost 3 years ago
- Copied from Bug #5076: keyword content does not work over reassembled TCP added
Updated by Victor Julien over 2 years ago
- Target version changed from 6.0.5 to 6.0.6
Updated by Jeff Lucovsky over 2 years ago
- Subject changed from keyword content does not work over reassembled TCP to keyword content does not work over reassembled TCP (6.0.x backport)
Updated by Victor Julien over 2 years ago
- Target version changed from 6.0.6 to 6.0.7
Updated by Victor Julien about 2 years ago
- Target version changed from 6.0.7 to 6.0.8
Updated by Victor Julien about 2 years ago
- Target version changed from 6.0.8 to 6.0.9
Updated by Victor Julien about 2 years ago
- Target version changed from 6.0.9 to 6.0.10
Updated by Victor Julien almost 2 years ago
- Target version changed from 6.0.10 to 6.0.11
Updated by Shivani Bhardwaj almost 2 years ago
- Assignee changed from Shivani Bhardwaj to Victor Julien
Updated by Victor Julien over 1 year ago
- Target version changed from 6.0.11 to 6.0.12
Updated by Victor Julien over 1 year ago
- Target version changed from 6.0.12 to 6.0.13
Updated by Victor Julien over 1 year ago
- Target version changed from 6.0.13 to 6.0.14
Updated by Victor Julien over 1 year ago
- Target version changed from 6.0.14 to 6.0.15
Updated by Philippe Antoine over 1 year ago
- Status changed from Assigned to Rejected
I do not think we will fix that in 7 soon...
So closing the backport to 6 until there is a fix in master
Actions