Bug #690: FN: IP-only rule ip_proto not matching for some protocols (1.3.x) - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #690

closed

FN: IP-only rule ip_proto not matching for some protocols (1.3.x)

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.3.6

Affected Versions:

Effort:

Difficulty:

Label:

Description

IPv4 packet with protocol 41 didn't match on:

alert ip any any -> any any (ip_proto:41; sid:1;)

This is because it is considered an IP-only rule, but protocol check for IP-only is broken.

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien over 11 years ago

Status changed from Assigned to Closed

commit e03d767f87b2f668538b6f0b612c99e7ad5b2849
Author: Victor Julien <victor@inliniac.net>
Date:   Tue Dec 18 16:58:54 2012 +0100

    Fix protocol check for IP-only (#690).

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #690

FN: IP-only rule ip_proto not matching for some protocols (1.3.x)

Updated by Victor Julien over 11 years ago