Actions
Bug #7552
closedapp-layer: misdetection if response is seen first without request
Description
Transaction gets cleaned by AppLayerParserTransactionsCleanup before detection is run in the to_client direction when stream.midstream=true and first packet is to client dir.
Found in: https://github.com/OISF/suricata-verify/pull/2282
The next step is find a pcap to reproduce the bug
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Alice da Silva Akaki about 1 year ago
- Affected Versions 7.0.8, git main added
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Alice da Silva Akaki about 1 year ago
S-V tests that indicate the bug
https://github.com/OISF/suricata-verify/pull/2292
Updated by Shivani Bhardwaj about 1 year ago
- Subject changed from detect: flags not set to client dir if midsteam==true and 1st packet to client to applayer: misdetection if response is seen first without request
Updated by Philippe Antoine 12 months ago
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine 12 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 11 months ago
- Status changed from Resolved to Closed
Updated by Victor Julien 11 months ago
- Subject changed from applayer: misdetection if response is seen first without request to app-layer: misdetection if response is seen first without request
Actions