Project

General

Profile

Actions
Copy link

Bug #6222

closed

Decode-events of IPv6 GRE are not triggered

Added by Cole Dishington 10 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Cole Dishington
Target version:
7.0.1
Affected Versions:
7.0.0, 7.0.1
Effort:
low
Difficulty:
low
Label:

Description

Detection of decode-events of IPv6 GRE packets are not triggered if the GRE decoding fails. I have attached a pcap, that I used for the suricata-verify test, containing IPv4 and IPv6 packets that specify a proto GRE but with a partial GRE payload.
The following rule will be tiggered for GRE over IPv6 but not for GRE over IPv6.

alert ip any any -> any any (msg:"GRE packet too small"; decode-event:gre.pkt_too_small; sid:3;)

Files

test.pcap (516 Bytes) test.pcap Cole Dishington, 07/19/2023 10:21 PM

Subtasks 1 (0 open1 closed)

Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport)ClosedCole DishingtonActions
Actions
Copy link
 #1

Updated by Victor Julien 10 months ago

  • Status changed from New to In Review
  • Label Needs backport to 6.0 added
Actions
Copy link
 #2

Updated by Victor Julien 10 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #3

Updated by OISF Ticketbot 10 months ago

  • Subtask #6226 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 10 months ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #5

Updated by Victor Julien 9 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF