Project

General

Profile

Actions
Copy link

Bug #7053

closed

bypass: cannot bypass udp flow from first packet in second direction

Added by Philippe Antoine 5 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

From https://forum.suricata.io/t/bypass-does-this-only-work-with-tcp/4660/2

This happens because flow state gets overwritten with established after seeing the second direction

Subtasks 1 (0 open1 closed)

Bug #7054: bypass: cannot bypass udp flow from first packet (7.0.x backport)ClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 5 months ago

  • Subtask #7054 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Philippe Antoine 5 months ago

  • Status changed from New to In Review
Actions
Copy link
 #4

Updated by Philippe Antoine 5 months ago

  • Subject changed from bypass: cannot bypass dup flow from first packet to bypass: cannot bypass udp flow from first packet
Actions
Copy link
 #5

Updated by Philippe Antoine 5 months ago

  • Subject changed from bypass: cannot bypass udp flow from first packet to bypass: cannot bypass udp flow from first packet in second direction
Actions
Copy link
 #6

Updated by Philippe Antoine 5 months ago

By the way, would it make sense to do like SSH ? Once we reach a certain state, all traffic is encrypted, and we bypass automatically...

Actions
Copy link
 #7

Updated by Philippe Antoine 4 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #8

Updated by Philippe Antoine 3 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF