Project

General

Profile

Actions

Bug #7053

closed

bypass: cannot bypass udp flow from first packet in second direction

Added by Philippe Antoine 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

From https://forum.suricata.io/t/bypass-does-this-only-work-with-tcp/4660/2

This happens because flow state gets overwritten with established after seeing the second direction


Subtasks 1 (0 open1 closed)

Bug #7054: bypass: cannot bypass udp flow from first packet (7.0.x backport)ClosedPhilippe AntoineActions
Actions #1

Updated by OISF Ticketbot 5 months ago

  • Subtask #7054 added
Actions #2

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 7.0)
Actions #3

Updated by Philippe Antoine 5 months ago

  • Status changed from New to In Review
Actions #4

Updated by Philippe Antoine 5 months ago

  • Subject changed from bypass: cannot bypass dup flow from first packet to bypass: cannot bypass udp flow from first packet
Actions #5

Updated by Philippe Antoine 5 months ago

  • Subject changed from bypass: cannot bypass udp flow from first packet to bypass: cannot bypass udp flow from first packet in second direction
Actions #6

Updated by Philippe Antoine 5 months ago

By the way, would it make sense to do like SSH ? Once we reach a certain state, all traffic is encrypted, and we bypass automatically...

Actions #7

Updated by Philippe Antoine 4 months ago

  • Status changed from In Review to Resolved
Actions #8

Updated by Philippe Antoine 4 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF