When performing SYN flooding, followed by an HTTP transaction, Suricata is not able to detect the application layer protocol, leading to a false negative. Tested in latest master with default configuration. Attaching signature (test.... Angelo Mirabella
Suricata can crash with HTTP traffic due to assertion "DetectEngineStateResetTxs" if reaching the memcap in between rule reloads. This happens when Suricata reaches HTTP memcap in "HTPCallbackRequestStart", cannot allocate "tx_ud" via ... Angelo Mirabella
Suricata fails to alert on an SMB signature related to a file extraction. Investigating the issue a bit, the "file_data" keyword does not match (PrefilterTxFiledata) because a file is never seen by Suricata. Attaching pcap and signa... Angelo Mirabella
Suricata invokes the stream reassembly logic only for the current packet direction if the packet contains a FIN flag. However, this does not handle the case in which the packet ACKs data from the opposing direction. Pcap, configurati... Angelo Mirabella
Uploading the build-info and a zip with a pcap and rules to reproduce the bug. The password for the zip is: password Steps to reproduce the bug: - Start Suricata in PCAP mode - Send signal SIGUSR2 to reload the signatures - R... Angelo Mirabella
If libmagic is enabled and there are signatures using libmagic, rule reloading causes a segmentation fault on the next file matching the rule. This is due to an improper reinitialization of the thread contexts. In attachment there are a... Angelo Mirabella
When in unix-socket mode, Suricata fails to dump the alert metadata info. This happens because the output modules are not initialized properly. Angelo Mirabella