[Oisf-users] IPv6 & Extension header

Michel SABORDE michel.saborde at gmail.com
Tue Apr 10 10:07:15 UTC 2012


Hi again,

I just noticed that if you stack 42 extension headers, for example 42
destination options, the rule is not triggered.
Is it a config problem?
Michel

On 4 April 2012 at 11:49, Victor Julien <victor at inliniac.net> wrote:

> On 04/03/2012 08:21 PM, Victor Julien wrote:
> > On 04/03/2012 03:06 PM, Victor Julien wrote:
> >> On 04/03/2012 11:28 AM, Michel SABORDE wrote:
> >>> The pcap is attached to this mail.
> >>> I tried with the same rule as before and no alert is triggered.
> >>> I already tried reading the pcap with suricata so this pcap should
> >>> reproduce the issue.
> >>> I may also have found something weird in fragmented ICMPv6 Echo Request
> >>> / Reply.
> >>
> >> I think I found the issue. For some reason the reassembled packet
> >> contains the ethernet header as well, while the decoder doesn't expect
> >> that. Working on a fix.
> >
> > Partial fix pushed. Alert now fires. Http.log doesn't show the request
> > though, will look at that tomorrow.
>
> Fixed that as well. Please resync with the current git master.
>
> Thanks for the reports!
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------