Feature #261
flow option "only_stream" (closed)
Description
invalid flow option "only_stream"
Example:
[9838] 20/12/2010 -- 11:50:19 - (detect-flow.c:259) <Error> (DetectFlowParse) -- [ERRCODE: SC_ERR_INVALID_VALUE(128)] - invalid flow option "only_stream"
[9838] 20/12/2010 -- 11:50:19 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-MISC Microsoft Internet Explorer 7 html object memory corruption attempt"; flow:to_client, established, only_stream; content:"HTTP/1.1 304 Not Modified"; content:"HTTP/1.1 304 Not Modified"; distance:0; detection_filter:track by_src, count 20, seconds 1; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:cve,2007-0947; classtype:misc-activity; sid:16008; rev:5;)" from file /etc/suricata/rules/web-misc.rules at line 612
Updated by Victor Julien over 13 years ago
- Status changed from New to Feedback
- Assignee set to Peter Manev
Updated by Peter Manev over 13 years ago
- File OnlyStream.bmp added
Victor Julien wrote:
What does this option do?
It gets triggered on reconstructed packets or packets that are only within an established stream.
(flow option sub spec)
Updated by Victor Julien almost 13 years ago
- Status changed from Feedback to Closed
- Assignee changed from Peter Manev to Victor Julien
- Target version set to 1.2
- % Done changed from 0 to 100
Implemented this.
Updated by Victor Julien almost 13 years ago
- Target version changed from 1.2 to 1.2rc1
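A pre-load check for the parse error reported in this ticket, as an added example that is not part of the ticket or of Suricata's code: it scans rule lines for `flow:` options the target engine build does not accept and reports the line number and sid. The `SUPPORTED` set, the function names and the one-rule-per-line layout are assumptions; the first sample rule is abridged from the ticket and the second is constructed.

```python
import re

# Assumption: flow options accepted by the engine build being targeted.
# The build in this ticket rejected only_stream; adjust the set to your build.
SUPPORTED = frozenset({"to_client", "to_server", "from_client", "from_server",
                       "established", "stateless"})

FLOW_RE = re.compile(r'\bflow\s*:\s*([^;]*);')   # does not match flowbits:/flowint:
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')     # quoted string with \-escapes

def unsupported_flow_options(rule, supported=SUPPORTED):
    """Return the flow options in one rule that are not in `supported`."""
    # Blank out quoted strings so "flow:" inside msg/content is not parsed.
    body = QUOTED_RE.sub('""', rule)
    bad = []
    for match in FLOW_RE.finditer(body):
        for opt in match.group(1).split(","):
            opt = opt.strip()
            if opt and opt not in supported:
                bad.append(opt)
    return bad

def lint_rules(lines, supported=SUPPORTED):
    """Return (line_no, sid, bad_options) for each active rule that would fail."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):     # skip blanks and disabled rules
            continue
        bad = unsupported_flow_options(line, supported)
        if bad:
            sid = SID_RE.search(QUOTED_RE.sub('""', line))
            findings.append((line_no, int(sid.group(1)) if sid else None, bad))
    return findings

# Constructed sample input: rule 1 abridged from the ticket, rule 2 invented.
SAMPLE = [
    "# sample rules",
    r'alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-MISC example"; flow:to_client, established, only_stream; content:"HTTP/1.1 304 Not Modified"; sid:16008; rev:5;)',
    r'alert tcp any any -> any 80 (msg:"text flow:bogus\; text"; flow:to_server,established; sid:1000001; rev:1;)',
]

if __name__ == "__main__":
    for line_no, sid, bad in lint_rules(SAMPLE):
        print(f"line {line_no} sid {sid}: unsupported flow option(s) {bad}")
```

Running the check with `only_stream` added to the supported set models an engine version that includes this feature.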