Bug #6038: TCP resets have incorrect len, nh in IPv6 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6038

closed

TCP resets have incorrect len, nh in IPv6

Added by Jamie Lavigne over 1 year ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

7.0.0-rc2

Affected Versions:

Effort:

Difficulty:

Label:

Description

Suricata's TCP rejects over IPv6 appear to have an incorrect length field value, which can cause these packets to be dropped as invalid elsewhere in the network before reaching their destination. We believe the problem is at [1] - it looks like Suricata is populating that field with the packet total length (which is correct for IPv4) instead of the payload length (correct for IPv6). We have tested a patched version of Suricata with this line corrected (lpacket.len = LIBNET_TCP_H;) which solves the problem for us.

[1] https://github.com/OISF/suricata/blob/f8ec993401aaeb25f96b6f752ea8095bf5213af6/src/respond-reject-libnet11.c#L440

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6038

TCP resets have incorrect len, nh in IPv6

Updated by Jamie Lavigne over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien over 1 year ago