Bug #6086: Decode-events of IPv6 packets are not triggered - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6086

closed

Decode-events of IPv6 packets are not triggered

Added by Cole Dishington 11 months ago. Updated 11 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Cole Dishington

Target version:

7.0.0-rc2

Affected Versions:

Effort:

low

Difficulty:

low

Label:

Description

Detection of decode-events of IPv6 packets are not triggered. I have attached a pcap, that I used for the suricata-verify test, containing IPv4 and IPv6 packets that specify proto UDP and TCP but with no payload. The following rules will be triggered for IPv4 but not for IPv6.

alert tcp any any -> any any (msg:"TCP packet too small"; decode-event:tcp.pkt_too_small; sid:1;)
alert udp any any -> any any (msg:"UDP packet too small"; decode-event:udp.hlen_too_small; sid:2;)

Files

test.pcap (264 Bytes) test.pcap

Cole Dishington, 05/25/2023 12:39 AM

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6086

Decode-events of IPv6 packets are not triggered

Updated by Philippe Antoine 11 months ago

Updated by Philippe Antoine 11 months ago

Updated by Victor Julien 11 months ago

Updated by Victor Julien 11 months ago

Updated by Shivani Bhardwaj 11 months ago

Updated by Shivani Bhardwaj 11 months ago

Updated by Shivani Bhardwaj 11 months ago

Updated by Philippe Antoine 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by OISF Ticketbot 11 months ago

Updated by Philippe Antoine 11 months ago