Project

General

Profile

Actions
Copy link

Bug #7552

open

applayer: misdetection if response is seen first without request

Added by Alice da Silva Akaki 8 days ago. Updated 6 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0-beta1
Affected Versions:
7.0.8, git master
Effort:
Difficulty:
Label:

Description

Transaction gets cleaned by AppLayerParserTransactionsCleanup before detection is run in the to_client direction when stream.midstream=true and first packet is to client dir.

Found in: https://github.com/OISF/suricata-verify/pull/2282

The next step is find a pcap to reproduce the bug

Subtasks 1 (1 open0 closed)

Bug #7553: applayer: misdetection if response is seen first without request (7.0.x backport)AssignedOISF DevActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 8 days ago

  • Subtask #7553 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 8 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Alice da Silva Akaki 8 days ago

  • Affected Versions 7.0.8, git master added
  • Label Needs backport to 7.0 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 8 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #5

Updated by Alice da Silva Akaki 7 days ago

Actions
Copy link
 #6

Updated by Shivani Bhardwaj 6 days ago

  • Subject changed from detect: flags not set to client dir if midsteam==true and 1st packet to client to applayer: misdetection if response is seen first without request
Actions
Copy link

Also available in: Atom PDF