Bug #689: FN: IP-only rule ip_proto not matching for some protocols - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #689

closed

FN: IP-only rule ip_proto not matching for some protocols

Added by Victor Julien almost 12 years ago. Updated almost 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.4.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

IPv4 packet with protocol 41 didn't match on:

alert ip any any -> any any (ip_proto:41; sid:1;)

This is because it is considered an IP-only rule, but protocol check for IP-only is broken.

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien almost 12 years ago

Status changed from Assigned to Closed

commit 5f4c52801e663f499abee4b5c004b6ca75ded4df
Author: Victor Julien <victor@inliniac.net>
Date:   Tue Dec 18 16:54:46 2012 +0100

    Fix protocol check for IP-only (#689).

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #689

FN: IP-only rule ip_proto not matching for some protocols

Updated by Victor Julien almost 12 years ago