[Oisf-users] Is this a bug?
xbadou xbadou
xbadou at gmail.com
Mon Jan 14 07:25:54 UTC 2013
Hi, In suricata 1.3.5 util-action.c
It's a bug writing 'ACTION_REJECT_BOTH' twice. But it seems have fixed in
1.4.
I think this is the case he mentioned.
uint8_t ActionOrderVal(uint8_t action) {
/* reject_both and reject_dst have the same prio as reject */
if( action & ACTION_REJECT ||
action & ACTION_REJECT_BOTH ||
action & ACTION_REJECT_BOTH) {
action = ACTION_REJECT;
}
uint8_t i = 0;
for (; i < 4; i++) {
if (action_order_sigs[i] == action)
return i;
}
/* Unknown action, set just a low prio (high val) */
return 10;
}
On Fri, Jan 11, 2013 at 6:09 PM, Victor Julien <lists at inliniac.net> wrote:
> On 12/29/2012 03:05 AM, 郑博文 wrote:
> > Hello:
> > I am reading suricata codes recently, I think the fisrt
> > "ACTION_REJECT_BOTH" should change to "ACTION_REJECT_DST" in
> > util-action.c file ActionOrderVal function line 56.
>
> This is the code:
>
> if( (action & ACTION_REJECT) ||
> (action & ACTION_REJECT_BOTH) ||
> (action & ACTION_REJECT_DST)) {
> action = ACTION_REJECT;
> }
>
> How do you think it should be different? If ACTION_REJECT_BOTH would be
> changed to ACTION_REJECT_DST the latter would appear twice.
>
> Cheers,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130114/255f72ef/attachment-0002.html>
More information about the Oisf-users
mailing list