Project

General

Profile

Actions

Bug #6222

closed

Decode-events of IPv6 GRE are not triggered

Added by Cole Dishington over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
low
Difficulty:
low
Label:

Description

Detection of decode-events of IPv6 GRE packets are not triggered if the GRE decoding fails. I have attached a pcap, that I used for the suricata-verify test, containing IPv4 and IPv6 packets that specify a proto GRE but with a partial GRE payload.
The following rule will be tiggered for GRE over IPv6 but not for GRE over IPv6.

alert ip any any -> any any (msg:"GRE packet too small"; decode-event:gre.pkt_too_small; sid:3;)


Files

test.pcap (516 Bytes) test.pcap Cole Dishington, 07/19/2023 10:21 PM

Subtasks 1 (0 open1 closed)

Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport)ClosedCole DishingtonActions
Actions

Also available in: Atom PDF