[Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
ZhouLi
zhou.li at ca-jc.com
Sat Apr 16 09:29:02 UTC 2011
With --enable-debug, I found the packet been ignored by STREAM_GAP, I think it's a bug.
//ZhouLi
----- Original Message -----
From: ZhouLi
To: oisf-devel at openinfosecfoundation.org
Sent: Saturday, April 16, 2011 11:50 AM
Subject: [Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
Hi, Victor
I am writing some testing code for suricata with clamav and I got a error log when GET a .exe file by wget or curl, it
won't occour when using IE to GET a .exe file. using tcpdump and found the log will be trigger when the first chunk packet
arrive. bug?
error log just like this,
(app-layer-parser.c:943) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app
layer protocol, using network protocol 6, source IP address 192.168.88.108, destination IP address 192.168.88.1, src port
36047 and dst port 80
//ZhouLi
____ KILL Mail Shield Gateway scanned ____
____ KILL Mail Shield Gateway scanned ____
------------------------------------------------------------------------------
_______________________________________________
Oisf-devel mailing list
Oisf-devel at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
____ KILL Mail Shield Gateway scanned ____
____ KILL Mail Shield Gateway scanned ____
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20110416/741d6b26/attachment-0002.html>
More information about the Oisf-devel
mailing list