sip: add tests for sip over tcp v6 #1538

Closed
glongo wants to merge 1 commit into OISF:master from glongo:sip-tcp-tests-v6
Contributor

@glongo glongo commented Dec 12, 2023

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3351

@@ -0,0 +1,11 @@
alert sip any any -> any any (flow:to_server; frame:pdu; content:"REGISTER"; startswith; sid:2;)
alert sip any any -> any any (flow:to_client; frame:pdu; content:"SIP/2.0 200 OK|0D 0A|"; startswith; sid:11;)
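
Review bot: Both visible rules pin only the start of the `frame:pdu` buffer (`content:"REGISTER"; startswith;` in sid:2 and `content:"SIP/2.0 200 OK|0D 0A|"; startswith;` in sid:11), so they would still fire on a PDU frame whose length is wrong. Consider adding a second `content` anchored with `endswith` on the expected trailing bytes of each message, so the test also asserts where the frame ends and not just where it begins.
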
Collaborator

🤔 maybe we should automate the run of S-V with simulated TCP fragmentation

Contributor Author

TCP data (pkt 4 and 6) in sip-tcp-method/sip-tcp.pcap is already fragmented.

Collaborator

Why doesn't a PDU frame get created with only packet 4?

Collaborator

So, a frame gets created on packet 4 with size 400 (which is wrong)
But no tx gets created.
Then, the right frame gets created on packet 6...

Member

So is this a bug?

Contributor Author

A PDU frame is created only when a packet is parsed correctly, so the behavior described above does not happen anymore.

Collaborator

I think there was a bug in Suricata PR cf OISF/suricata#10037 (comment)

Discussion continues now in OISF/suricata#10058 (comment)

@catenacyber catenacyber added the requires suricata pr Depends on a PR in Suricata label Dec 21, 2023
@victorjulien victorjulien added the needs rebase PR looks fine but needs a rebase label Feb 27, 2024
@victorjulien
Member

Merged in #1672, thanks!
