Project

General

Profile

Actions
Copy link

Bug #8454

open
PA PA

doh2: FN with rulesets combining dns rules and http2 rules

Bug #8454: doh2: FN with rulesets combining dns rules and http2 rules

Added by Philippe Antoine about 9 hours ago. Updated about 9 hours ago.

Status:
In Review
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Ruleset containing rules with dns keywords and http keywords

alert dns any any -> any any (dns.query; content: "www.gstatic.com"; sid:20; )
alert doh2 any any -> any any (dns.query; content: "www.gstatic.com"; sid:21; )
alert http2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:30; )
alert doh2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:31; )

does not trigger on http rules, even if it triggers when the dns rules are absent

Subtasks 1 (1 open0 closed)

Bug #8455: doh2: FN with rulesets combining dns rules and http2 rules (8.0.x backport)AssignedPhilippe AntoineActions

OT Updated by OISF Ticketbot about 9 hours ago Actions
Copy link
 #2

  • Subtask #8455 added

OT Updated by OISF Ticketbot about 9 hours ago Actions
Copy link
 #3

  • Label deleted (Needs backport to 8.0)

PA Updated by Philippe Antoine about 9 hours ago Actions
Copy link
 #4

  • Status changed from Assigned to In Review
Actions
Copy link

Also available in: PDF Atom