[Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
Victor Julien
victor at inliniac.net
Sat Apr 16 09:35:03 UTC 2011
Can you share a pcap?
Btw, what Suricata version are you using?
On 04/16/2011 11:29 AM, ZhouLi wrote:
> With --enable-debug, I found the packet been ignored by STREAM_GAP, I think it's a bug.
>
> //ZhouLi
> ----- Original Message -----
> From: ZhouLi
> To: oisf-devel at openinfosecfoundation.org
> Sent: Saturday, April 16, 2011 11:50 AM
> Subject: [Oisf-devel] no APP_LAYER_PARSER_DONE for HTTP protocol?
>
>
> Hi, Victor
>
> I am writing some testing code for suricata with clamav and I got a error log when GET a .exe file by wget or curl, it
> won't occour when using IE to GET a .exe file. using tcpdump and found the log will be trigger when the first chunk packet
> arrive. bug?
> error log just like this,
> (app-layer-parser.c:943) <Error> (AppLayerParse) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Error occured in parsing "http" app
> layer protocol, using network protocol 6, source IP address 192.168.88.108, destination IP address 192.168.88.1, src port
> 36047 and dst port 80
>
> //ZhouLi
>
> ____ KILL Mail Shield Gateway scanned ____
>
> ____ KILL Mail Shield Gateway scanned ____
>
>
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>
> ____ KILL Mail Shield Gateway scanned ____
>
>
>
> ____ KILL Mail Shield Gateway scanned ____
>
>
>
>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list