Viewing all changes in revision 10116.
- Committer: Victor Julien
- Date: 2019-08-22 12:21:15 UTC
- Revision ID: git-v1:7384744c3e52977b8db8a451df7f15a06cb8a2b8
detect: fix FP on ICMP unreachable errors
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.
The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.
This all would lead to a false positive match.
This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.
Bug #2769.
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.
The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.
This all would lead to a false positive match.
This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.
Bug #2769.
- files modified:
- src/detect.c
expand all
collapse all
added
removed
