Bug #7725
open
decode/ipv4: missing ip-in-ip case handling
Added by Juliana Fajardini Reichow 2 months ago.
Updated about 2 months ago.
Description
A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other inaccuracies in the logs.
Check if this case is also missing in other scenarios.
Waiting to see if the pcap shared can be added to a public SV test.
Related issues
2 (2 open — 0 closed)
- Label deleted (Needs backport to 7.0)
- Description updated (diff)
Attempt at a fix shared on GL.
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Status changed from In Progress to In Review
- Private changed from Yes to No
- Related to Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulation added
- Status changed from In Review to Resolved
- Related to Task #7734: decode: review if any decoders are missing for IPv4 or IPv6 added