Bug #8454: doh2: FN with rulesets combining dns rules and http2 rules

Added by Philippe Antoine 2 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Ruleset containing rules with dns keywords and http keywords

alert dns any any -> any any (dns.query; content: "www.gstatic.com"; sid:20; )
alert doh2 any any -> any any (dns.query; content: "www.gstatic.com"; sid:21; )
alert http2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:30; )
alert doh2 any any -> any any (http.request_header; content:"authority|3a 20|dns.google"; sid:31; )

does not trigger on http rules, even if it triggers when the dns rules are absent


Subtasks 1 (0 open, 1 closed)

Bug #8455: doh2: FN with rulesets combining dns rules and http2 rules (8.0.x backport) - Closed - Philippe Antoine

Related issues 1 (0 open, 1 closed)

Blocks Suricata - Bug #8451: http2: http.host does not match as soon as possible - Closed - Philippe Antoine
