Bug #340
closed
FN on sig contains ip proto negate please
Added by rmkml rmkml about 13 years ago.
Updated almost 13 years ago.
Description
Hi,
Can anyone fix this FN, please?
alert ip any any -> any any (msg:"test ip proto 1"; ip_proto:219; classtype:non-standard-protocol; sid:999991; rev:1;)
Attached pcap file: OK, suricata v105 fires.
OK, the next sig contains an ip proto negation:
alert ip any any -> any any (msg:"test ip proto 2"; ip_proto:!1; classtype:non-standard-protocol; sid:999992; rev:1;)
On this one, suricata v105 does not fire (of course, snort fires).
Regards
Rmkml
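A stand-in for the capture, as an added example that is not part of the original report and is not the attached pcap: it builds a two-packet pcap (IP protocol 219, plus protocol 1 as a control) and lists which of the two sids above should alert per packet once negation works. The MAC and IP addresses, the file name and all function names are constructed for illustration, and only the two `ip_proto` forms used in the report are modelled.

```python
import struct

# Rules from the report: sid -> ip_proto option value.
RULES = {999991: "219", 999992: "!1"}

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 20-byte header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(proto: int, payload: bytes = b"test") -> bytes:
    """Ethernet + IPv4 frame; MACs and RFC 5737 addresses are constructed."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + payload

def build_pcap(frames) -> bytes:
    """Classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_protos(pcap: bytes) -> list:
    """IPv4 protocol field of every record (Ethernet, no VLAN tag)."""
    protos, off = [], 24
    while off < len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        protos.append(pcap[off + 16 + 14 + 9])
        off += 16 + incl_len
    return protos

def ip_proto_match(option: str, proto: int) -> bool:
    """Only the two forms used in the report: 'N' and '!N'."""
    option = option.strip()
    if option.startswith("!"):
        return proto != int(option[1:])
    return proto == int(option)

def expected_sids(pcap: bytes) -> list:
    """Per packet, the sids that should alert."""
    return [[sid for sid, opt in sorted(RULES.items()) if ip_proto_match(opt, p)]
            for p in read_protos(pcap)]

if __name__ == "__main__":
    pcap = build_pcap([build_frame(219), build_frame(1)])
    open("ip_proto_test.pcap", "wb").write(pcap)  # hypothetical file name
    print(expected_sids(pcap))
```

An engine that alerts with sid 999991 but not 999992 on the first packet shows the false negative described above.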
- Due date set to 10/11/2011
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Priority changed from Normal to High
- Target version set to 1.1beta3
- Estimated time set to 4.00 h
Anoop, can you check this out? Thanks!
Victor Julien wrote:
> Anoop, can you check this out? Thanks!

Sure
- Due date changed from 10/11/2011 to 10/25/2011
- Target version changed from 1.1beta3 to 1.0.6
Fixed for the current git master. Retargeting to 1.0.6 so we can fix it there as well.
- Status changed from Assigned to Resolved
- Status changed from Resolved to Closed
- % Done changed from 0 to 100