Bug #3266
Closed
fast-log: icmp type prints wrong value
Label: Needs backport
Description
Fast log prints Packet::sp and Packet::dp, but these are unions:
    union {
        Port sp;
        // icmp type and code of this packet
        struct {
            uint8_t type;
            uint8_t code;
        } icmp_s;
    };
    union {
        Port dp;
        // icmp type and code of the expected counterpart (for flows)
        struct {
            uint8_t type;
            uint8_t code;
        } icmp_d;
    };
So printing Packet::sp or dp for ICMP does not give the correct results.
E.g. from et-sigs:
10/18/2019-13:06:01.032939 [Drop] [**] [1:2200076:2] SURICATA ICMPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {ICMP} 60.191.38.77:771 -> 192.168.69.246:0
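The aliasing described above, as an added example that is not Suricata code: `DemoPacket` is a constructed stand-in that copies only the two quoted unions and assumes `Port` is a 16-bit integer. It shows what a logger reads from `sp` after the ICMP type and code were stored, and how to map the `:771` in the sample line back to type and code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t Port;  /* assumption: 16-bit port type */

/* Constructed stand-in holding only the two unions quoted in the report. */
typedef struct {
    union {
        Port sp;
        struct { uint8_t type; uint8_t code; } icmp_s;
    };
    union {
        Port dp;
        struct { uint8_t type; uint8_t code; } icmp_d;
    };
} DemoPacket;

/* Value a logger gets when it reads sp after ICMP type/code were stored. */
Port sp_as_logged(uint8_t type, uint8_t code)
{
    DemoPacket p;
    memset(&p, 0, sizeof(p));
    p.icmp_s.type = type;
    p.icmp_s.code = code;
    return p.sp;  /* same two bytes, reinterpreted in host byte order */
}

/* Recover the ICMP type from a "port" printed in an affected log line. */
uint8_t icmp_type_from_logged(Port logged)
{
    DemoPacket p;
    memset(&p, 0, sizeof(p));
    p.sp = logged;
    return p.icmp_s.type;
}

/* Recover the ICMP code from a "port" printed in an affected log line. */
uint8_t icmp_code_from_logged(Port logged)
{
    DemoPacket p;
    memset(&p, 0, sizeof(p));
    p.sp = logged;
    return p.icmp_s.code;
}

int main(void)
{
    printf("logged 771 -> ICMP type %u code %u\n",
           icmp_type_from_logged(771), icmp_code_from_logged(771));
    return 0;
}
```

771 is 0x0303, so both bytes are 3 whatever the host byte order; for other type/code pairs the number printed as a port depends on the endianness of the machine that wrote the log.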
Updated by Victor Julien about 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine about 5 years ago
- Status changed from Assigned to Closed
Updated by Victor Julien about 5 years ago
- Copied to Bug #3385: fast-log: icmp type prints wrong value (4.1.x) added