
decode-ipv6: Set IPv6 proto in case of ext header parsing error #8912

Closed
coledishington wants to merge 1 commit into OISF:master from coledishington:ipv6-fix-decode-event

@coledishington

Set the IPv6 packet proto before parsing the ext headers, similar to decode-ipv4, in case of an ext header parsing error. Otherwise rule decode-events are not triggered for packets encapsulated in IPv6.

Make sure these boxes are signed before submitting your Pull Request -- thank you.

No redmine ticket due to simplicity of fix.

Describe changes:
Fix detection of decode-events of IPv6 packets by setting the IPv6 packet proto before parsing the ext headers, similar to decode-ipv4. The error occurs if there is a decode error in an ext header.

Set the IPv6 packet proto before parsing the ext headers, similar to
decode-ipv4, in case of an ext header parsing error. Otherwise
rule decode-events are not triggered for packets encapsulated in IPv6.
@codecov

codecov bot commented May 24, 2023

Codecov Report

Merging #8912 (54a3eda) into master (ebe0a7b) will increase coverage by 0.03%.
The diff coverage is 100.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8912      +/-   ##
==========================================
+ Coverage   82.30%   82.33%   +0.03%     
==========================================
  Files         969      969              
  Lines      273335   273336       +1     
==========================================
+ Hits       224961   225045      +84     
+ Misses      48374    48291      -83     
Flag Coverage Δ
fuzzcorpus 64.72% <100.00%> (+0.07%) ⬆️
suricata-verify 60.45% <100.00%> (-0.01%) ⬇️
unittests 62.94% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.

@victorjulien added the "needs ticket" (Needs (link to) redmine ticket) and "needs verify" (Needs (a) Suricata-verify test(s)) labels on May 24, 2023
@victorjulien
Member

Need both ticket and SV test please. We use tickets to track backports and generate changelogs.

@catenacyber
Contributor

Replaced by #8917 right?

@coledishington
Author

> Replaced by #8917 right?

Yep this is replaced by #8917. I created a bug report (https://redmine.openinfosecfoundation.org/issues/6086) and suricata-verify test (OISF/suricata-verify#1218) too. Thanks
