Bug #1518
closed
multitenancy - selector vlan - vlan id range
Description
Using latest git - Suricata version 2.1dev (rev 834c366)
Vlan id -6000 is indeed an invalid vlan range:
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1917) <Info> (DetectEngineMultiTenantSetup) -- selector vlan
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1931) <Info> (DetectEngineMultiTenantSetup) -- multi-detect is enabled (multi tenancy). Selector: vlan
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- vlan 1 666
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 1 666 registered
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- *vlan 2 -6000*
[2470] 26/7/2015 -- 19:40:05 - (util-byte.c:231) <Error> (ByteExtractStringUint16) -- [ERRCODE: SC_ERR_NUMERIC_VALUE_ERANGE(61)] - Numeric value out of range (18446744073709545616 > 65535)
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:1963) <Error> (DetectEngineMultiTenantSetup) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - vlan-id of -6000 is invalid
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 1, /etc/suricata/tenant-1.yaml
[2470] 26/7/2015 -- 19:40:05 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 2, /etc/suricata/tenant-2.yaml
[2472] 26/7/2015 -- 19:40:05 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 1
So is vlan id 6000, but this one passes through:
[2556] 26/7/2015 -- 19:42:26 - (detect-engine-loader.c:128) <Info> (DetectLoadersInit) -- using 2 detect loader threads
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1917) <Info> (DetectEngineMultiTenantSetup) -- selector vlan
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1931) <Info> (DetectEngineMultiTenantSetup) -- multi-detect is enabled (multi tenancy). Selector: vlan
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- vlan 1 666
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 1 666 registered
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:1947) <Info> (DetectEngineMultiTenantSetup) -- *vlan 2 6000*
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2106) <Info> (DetectEngineTentantRegisterSelector) -- tenant handler 2 2 6000 registered
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 1, /etc/suricata/tenant-1.yaml
[2556] 26/7/2015 -- 19:42:26 - (detect-engine.c:2007) <Info> (DetectEngineMultiTenantSetup) -- tenant id: 2, /etc/suricata/tenant-2.yaml
[2557] 26/7/2015 -- 19:42:26 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 0
[2558] 26/7/2015 -- 19:42:26 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 1
Only valid vlan id ranges should be considered in the selector vlan mode.
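The two outcomes in the logs above, reproduced as an added example (this is not Suricata's code or its fix): a parser that only checks that the value fits in 16 bits rejects -6000 but accepts 6000, while a check against the 12-bit VLAN ID field of IEEE 802.1Q rejects both. The function names and the choice to also exclude the reserved IDs 0 and 4095 are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a uint16-only check: parse as unsigned 64-bit
 * and reject values above UINT16_MAX. strtoull() negates "-6000" into
 * 2^64 - 6000, which is the huge number reported in the first log. */
static int parse_u16_only(const char *s, uint16_t *out)
{
    char *end;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v > UINT16_MAX)
        return -1;
    *out = (uint16_t)v;
    return 0;
}

/* Assumption of this example: usable VLAN IDs are 1..4094 (12-bit field,
 * 0 and 4095 reserved by IEEE 802.1Q). */
#define VLAN_ID_MIN 1
#define VLAN_ID_MAX 4094

/* Stricter check: parse as signed so a leading '-' is seen as negative,
 * then enforce the VLAN ID bounds. */
static int parse_vlan_id(const char *s, uint16_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return -1;
    if (v < VLAN_ID_MIN || v > VLAN_ID_MAX)
        return -1;
    *out = (uint16_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample selector values, including the two from the report. */
    const char *samples[] = { "666", "-6000", "6000", "4095", "0", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t id = 0;
        printf("%-6s u16-only=%s vlan-check=%s\n", samples[i],
               parse_u16_only(samples[i], &id) == 0 ? "accept" : "reject",
               parse_vlan_id(samples[i], &id) == 0 ? "accept" : "reject");
    }
    return 0;
}
```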