Actions
Bug #6086
closedDecode-events of IPv6 packets are not triggered
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Description
Detection of decode-events of IPv6 packets are not triggered. I have attached a pcap, that I used for the suricata-verify test, containing IPv4 and IPv6 packets that specify proto UDP and TCP but with no payload. The following rules will be triggered for IPv4 but not for IPv6.
alert tcp any any -> any any (msg:"TCP packet too small"; decode-event:tcp.pkt_too_small; sid:1;)
alert udp any any -> any any (msg:"UDP packet too small"; decode-event:udp.hlen_too_small; sid:2;)
Files
Updated by Philippe Antoine over 1 year ago
- Status changed from In Progress to In Review
Updated by Philippe Antoine over 1 year ago
- Label Needs backport added
- Label deleted (
Needs Suricata-Verify test)
Updated by Victor Julien over 1 year ago
- Status changed from In Review to Resolved
- Label Needs backport to 6.0 added
- Label deleted (
Needs backport)
Updated by Shivani Bhardwaj over 1 year ago
- Status changed from Resolved to Assigned
Updated by Shivani Bhardwaj over 1 year ago
- Status changed from Assigned to Resolved
Updated by Philippe Antoine over 1 year ago
Waiting for ticketbot to create the backport ticket...
Updated by OISF Ticketbot over 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by Philippe Antoine over 1 year ago
- Status changed from Resolved to Closed
Actions