Actions
Bug #7725
opendecode/ipv4: missing ip-in-ip case handling
Affected Versions:
Effort:
Difficulty:
Label:
Description
A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other
inaccuracies in the logs.
Check if this case is also missing in other scenarios.
Waiting to see if the pcap shared can be added to a public SV test.
Updated by OISF Ticketbot about 1 month ago
- Label deleted (
Needs backport to 7.0)
Updated by Juliana Fajardini Reichow about 1 month ago
- Description updated (diff)
Updated by Juliana Fajardini Reichow about 1 month ago
Attempt at a fix shared on GL.
Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
Updated by Juliana Fajardini Reichow about 1 month ago
- Status changed from In Progress to In Review
Updated by Juliana Fajardini Reichow about 1 month ago
- Private changed from Yes to No
PR for reviewing: https://github.com/OISF/suricata/pull/13367
Updated by Philippe Antoine about 1 month ago
- Related to Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 incapsulation added
Updated by Philippe Antoine about 1 month ago
- Status changed from In Review to Resolved
Updated by Juliana Fajardini Reichow 29 days ago
- Related to Task #7734: decode: review if any decoders are missing for IPv4 or IPv6 added
Actions