[Oisf-users] IPv6 & Extension header
Victor Julien
victor at inliniac.net
Wed Jun 20 07:25:07 UTC 2012
On 06/18/2012 12:06 PM, Michel SABORDE wrote:
> Hi,
>
> I've been trying to create signature to identify IPv6 extension header.
> When i try to use ip_proto in my signature, it only matches the next
> "real" protocol like TCP not the immediately following ipv6 extension
> header.
> I think Suricata recognizes the protocol following the last ipv6
> extension header.
> If it is the normal behaviour, it would be nice to have a keyword to
> match the immediately following protocol.
Yes, this behavior is intended. I'd be happy to add a keyword to test
for ext hdr presence. Any suggestions on what it should look like?
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list