[Oisf-devel] Suricata 2.0dev + PF_RING 5.6.0 sporadic crashes in HTPCallbackRequest

Anoop Saldanha anoopsaldanha at gmail.com
Fri Jul 19 16:01:06 UTC 2013


On Fri, Jul 19, 2013 at 9:22 PM, Victor Julien <victor at inliniac.net> wrote:
> On 07/19/2013 05:35 PM, Chris Wakelin wrote:
>> On 19/07/13 13:58, Anoop Saldanha wrote:
>>>
>>> Can you run the latest master (post 0.5.x changes).  There were some
>>> bugs in libhtp which were fixed explicitly for 1.4.x, and for the
>>> master we relied on the 0.5.x fixing it.
>>>
>>
>> Hmm - done that (I cloned libhtp repository into the Suricata build
>> directory), and now I'm getting most entries in http.log with "hostname
>> unknown" (though interestingly a file captured with "filestore" had the
>> correct hostname in its .meta file, though the matching HTTP log entry
>> didn't). I can reproduce it with pcaps (exploit kits from a sandbox).
>>
>> Have I missed a necessary configuration change?
>
> No, I think this is a bug.
>
> Interestingly, the .meta file just gets the value of the Host header,
> while the http.log uses htp's tx->parsed_uri->hostname.
>
> Anoop, can you check it out?
>

On it.

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


