Project

General

Profile

Actions
Copy link

Bug #7725

open

decode/ipv4: missing ip-in-ip case handling

Added by Juliana Fajardini Reichow 9 days ago. Updated 2 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
8.0.0-rc1
Affected Versions:
7.0.10
Effort:
Difficulty:
Label:

Description

A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other
inaccuracies in the logs.

Check if this case is also missing in other scenarios.

Waiting to see if the pcap shared can be added to a public SV test.

Subtasks

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 incapsulationAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 9 days ago

  • Subtask #7726 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 9 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 9 days ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 9 days ago

Attempt at a fix shared on GL.

Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 8 days ago

  • Status changed from New to In Progress
  • Assignee changed from OISF Dev to Juliana Fajardini Reichow
Actions
Copy link
 #6

Updated by Juliana Fajardini Reichow 8 days ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow 3 days ago

  • Private changed from Yes to No
Actions
Copy link
 #8

Updated by Philippe Antoine 2 days ago

  • Related to Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 incapsulation added
Actions
Copy link
 #9

Updated by Philippe Antoine 2 days ago

  • Status changed from In Review to Resolved
Actions
Copy link

Also available in: Atom PDF