<div>It works fine ! Thank you again !</div><div>Any news about IPv4-in-IPv6 support ?</div><div> </div><div>Michel<br></div><div class="gmail_quote">2012/5/20 Victor Julien <span dir="ltr"><<a href="mailto:victor@inliniac.net" target="_blank">victor@inliniac.net</a>></span><br>
<blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote">I pushed a fix for this to the current git master. Please test!<br>
<br>
Thanks Michel!<br>
<br>
Cheers,<br>
Victor<br>
<div class="im"><br>
On 05/10/2012 02:16 PM, Michel SABORDE wrote:<br>
</div><div class="im">> In the pcap i already sent, there was no AH extension header.<br>
> Here is a new pcap with AH.<br>
><br>
> Michel<br>
><br>
</div>> 2012/5/10 Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a> <mailto:<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>>><br>
<div class="im">><br>
> is this the same pcap, as provided earlier in the mail conversation?<br>
><br>
> thanks<br>
><br>
><br>
> On Thu, May 10, 2012 at 2:13 PM, Michel SABORDE<br>
</div><div class="im">> <<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a> <mailto:<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a>>> wrote:<br>
><br>
> I just tried the lastest git master and no alert is trigerred if<br>
> a A H extension header is present.<br>
><br>
> Michel<br>
> 2012/5/10 Michel SABORDE <<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a><br>
</div>> <mailto:<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a>>><br>
<div class="im">><br>
> No sorry !<br>
> But is there a way i can download the lastest git as a tgz<br>
> or something ?<br>
> I don't have git atm.<br>
><br>
> Michel<br>
><br>
> 2012/5/10 Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a><br>
</div>> <mailto:<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>>><br>
<div class="im">><br>
> Hi,<br>
><br>
> Did you try the latest git master?<br>
><br>
> thanks<br>
><br>
> On Thu, May 10, 2012 at 12:08 PM, Michel SABORDE<br>
> <<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:michel.saborde@gmail.com">michel.saborde@gmail.com</a>>> wrote:<br>
><br>
> Hi again :)<br>
><br>
> I just tried AH extension header (not ESP) but i<br>
> think suricata doesn't recognize it yet.<br>
> Can you confirm ?<br>
> I have a pcap if needed.<br>
><br>
> Any news about more detailed ipv6 extension header<br>
> rules ?<br>
><br>
> Michel<br>
><br>
> 2012/4/21 Victor Julien <<a href="mailto:victor@inliniac.net">victor@inliniac.net</a><br>
</div>> <mailto:<a href="mailto:victor@inliniac.net">victor@inliniac.net</a>>><br>
<div><div class="h5">><br>
> On 04/19/2012 02:23 PM, Michel SABORDE wrote:<br>
> > Btw, is it possible (i'm sure it is) to write<br>
> a signature that trigger<br>
> > when Routing Header type 0 is present in a<br>
> packet ?<br>
> > Or even just if any routing header is present ?<br>
><br>
> Actually I don't think there is currently.<br>
><br>
> Maybe we should add a keyword like:<br>
><br>
> ip6exthdr:frag,>1; // more than one frag hdr<br>
> ip6exthdr:routing,1 // routing hdr present<br>
> ip6exthdr:esp,0; // esp hdr not present<br>
><br>
> For more detailed matching:<br>
><br>
> ip6rh_type:0;<br>
> ip6rh_type0:<ip6 addr/cidr>;<br>
><br>
> Or something... suggestions are welcome.<br>
><br>
> > I've found some decode-event rules in the<br>
> decoder-events.rules file but<br>
> > rules are only for duplicated extension header.<br>
><br>
> Yes, these are only for anomalies.<br>
><br>
> --<br>
> ---------------------------------------------<br>
> Victor Julien<br>
> <a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
> PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
> ---------------------------------------------<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
</div></div>> <mailto:<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a>><br>
<div class="HOEnZb"><div class="h5">> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Regards,<br>
> Peter Manev<br>
><br>
><br>
><br>
><br>
><br>
><br>
> --<br>
> Regards,<br>
> Peter Manev<br>
><br>
><br>
<br>
<br>
--<br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
</div></div></blockquote></div><br>