Project

General

Profile

Actions
Copy link

Bug #6733

closed
LS LS

tcp: tcp flow flags changing incorrectly when ruleset contains content matching

Bug #6733: tcp: tcp flow flags changing incorrectly when ruleset contains content matching

Added by Lukas Sismis about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
8.0.0-beta1
Affected Versions:
7.0.2
Effort:
Difficulty:
Label:

Description

When content-matching rules are used in Suricata 7, the flow flags change from SYN to SYN-ACK.
This doesn't happen when the ruleset does not contain content-matching rules and it neither happens in Suricata 6 (never).

Files

Download all files
tcp-syn.pcap (106 Bytes) tcp-syn.pcap Lukas Sismis, 02/04/2024 07:59 PM
content-matching.rules (118 Bytes) content-matching.rules Lukas Sismis, 02/04/2024 08:02 PM
non-content-matching.rules (99 Bytes) non-content-matching.rules Lukas Sismis, 02/04/2024 08:02 PM

Subtasks 1 (0 open1 closed)

Bug #6734: tcp: tcp flow flags changing incorrectly when ruleset contains content matching (7.0.x backport)ClosedLukas SismisActions

LS Updated by Lukas Sismis about 2 years ago Actions
Copy link
 #1

  • Target version changed from 7.0.4 to 8.0.0-beta1
  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot about 2 years ago Actions
Copy link
 #2

  • Subtask #6734 added

OT Updated by OISF Ticketbot about 2 years ago Actions
Copy link
 #3

  • Label deleted (Needs backport to 7.0)

LS Updated by Lukas Sismis about 2 years ago Actions
Copy link
 #4

  • Status changed from Assigned to In Review

LS Updated by Lukas Sismis about 2 years ago Actions
Copy link
 #5

  • Status changed from In Review to Resolved

LS Updated by Lukas Sismis about 2 years ago Actions
Copy link
 #6

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom