Bug #7552
closed
app-layer: misdetection if response is seen first without request
Added by Alice da Silva Akaki 2 months ago.
Updated 19 days ago.
Description
Transaction gets cleaned by AppLayerParserTransactionsCleanup before detection is run in the to_client direction when stream.midstream=true and first packet is to client dir.
Found in: https://github.com/OISF/suricata-verify/pull/2282
The next step is find a pcap to reproduce the bug
- Label deleted (
Needs backport to 7.0)
- Affected Versions 7.0.8, git master added
- Label Needs backport to 7.0 added
- Label deleted (
Needs backport to 7.0)
- Subject changed from detect: flags not set to client dir if midsteam==true and 1st packet to client to applayer: misdetection if response is seen first without request
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
- Status changed from In Review to Resolved
- Status changed from Resolved to Closed
- Subject changed from applayer: misdetection if response is seen first without request to app-layer: misdetection if response is seen first without request
Also available in: Atom
PDF