[Oisf-users] IPv6 & Extension header
Victor Julien
victor at inliniac.net
Wed Apr 18 07:27:38 UTC 2012
On 04/10/2012 12:36 PM, Michel SABORDE wrote:
> The pcap is attach to this email with the following tests :
> - 41 Destination Option Extension Header
> - 41 Atomic Fragmentation Extension Header
I've pushed a new git master that addresses this issue.
Thanks Michel!
Cheers,
Victor
> Michel
>
> Le 10 avril 2012 12:09, Victor Julien <victor at inliniac.net
> <mailto:victor at inliniac.net>> a écrit :
>
> On 04/10/2012 12:07 PM, Michel SABORDE wrote:
> > Hi again,
> >
> > I just noticed that if you stack 42 extensions headers, for example 42
> > destination option, the rule is not triggered.
>
> Can share a pcap?
>
> > Is it a config problem ?
>
> No, there are no options affecting that.
>
> Cheers,
> Victor
>
> > Michel
> > Le 4 avril 2012 11:49, Victor Julien <victor at inliniac.net
> <mailto:victor at inliniac.net>
> > <mailto:victor at inliniac.net <mailto:victor at inliniac.net>>> a écrit :
> >
> > On 04/03/2012 08:21 PM, Victor Julien wrote:
> > > On 04/03/2012 03:06 PM, Victor Julien wrote:
> > >> On 04/03/2012 11:28 AM, Michel SABORDE wrote:
> > >>> The pcap is attach to this mail.
> > >>> I tried with the same rule as before and no alert is
> trigerred.
> > >>> I already tried reading the pcap with suricata so this
> pcap should
> > >>> reproduce the issue.
> > >>> I may also have found something weird in fragmented ICMPv6
> Echo
> > Request
> > >>> / Reply.
> > >>
> > >> I think I found the issue. For some reason the reassembled
> packet
> > >> contains the ethernet header as well, while the decoder doesn't
> > expect
> > >> that. Working on a fix.
> > >
> > > Partial fix pushed. Alert now fires. Http.log doesn't show
> the request
> > > though, will look at that tomorrow.
> >
> > Fixed that as well. Please resync with the current git master.
> >
> > Thanks for the reports!
> >
> > --
> > ---------------------------------------------
> > Victor Julien
> > http://www.inliniac.net/
> > PGP: http://www.inliniac.net/victorjulien.asc
> > ---------------------------------------------
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> <mailto:Oisf-users at openinfosecfoundation.org>
> > <mailto:Oisf-users at openinfosecfoundation.org
> <mailto:Oisf-users at openinfosecfoundation.org>>
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> >
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list