[Oisf-users] IPv6 & Extension header
Victor Julien
victor at inliniac.net
Wed Apr 4 09:49:09 UTC 2012
On 04/03/2012 08:21 PM, Victor Julien wrote:
> On 04/03/2012 03:06 PM, Victor Julien wrote:
>> On 04/03/2012 11:28 AM, Michel SABORDE wrote:
>>> The pcap is attach to this mail.
>>> I tried with the same rule as before and no alert is trigerred.
>>> I already tried reading the pcap with suricata so this pcap should
>>> reproduce the issue.
>>> I may also have found something weird in fragmented ICMPv6 Echo Request
>>> / Reply.
>>
>> I think I found the issue. For some reason the reassembled packet
>> contains the ethernet header as well, while the decoder doesn't expect
>> that. Working on a fix.
>
> Partial fix pushed. Alert now fires. Http.log doesn't show the request
> though, will look at that tomorrow.
Fixed that as well. Please resync with the current git master.
Thanks for the reports!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list