[Oisf-devel] Suricata 2.0dev + PF_RING 5.6.0 sporadic crashes in HTPCallbackRequest

Chris Wakelin c.d.wakelin at reading.ac.uk
Fri Jul 19 11:35:31 EDT 2013


On 19/07/13 13:58, Anoop Saldanha wrote:
> 
> Can you run the latest master (post 0.5.x changes)? There were some
> bugs in libhtp which were fixed explicitly for 1.4.x, and for the
> master we relied on the 0.5.x fixing it.
> 

Hmm - done that (I cloned libhtp repository into the Suricata build
directory), and now I'm getting most entries in http.log with "hostname
unknown" (though interestingly a file captured with "filestore" had the
correct hostname in its .meta file, though the matching HTTP log entry
didn't). I can reproduce it with pcaps (exploit kits from a sandbox).

Have I missed a necessary configuration change?

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094

