[people/stevee/ipfire-2.x.git] / src / patches / suricata-disable-sid-2210059.patch

diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
--- a/rules/stream-events.rules	2021-11-17 16:55:12.000000000 +0100
+++ b/rules/stream-events.rules	2021-12-08 18:12:39.850189502 +0100
@@ -89,7 +89,7 @@
 # rule to alert if a stream has excessive retransmissions
 alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
 # Packet on wrong thread. Fires at most once per flow.
-alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
+#alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
 
 # Packet with FIN+SYN set
 alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:fin_syn; classtype:protocol-command-decode; sid:2210060; rev:1;)
Commit	Line	Data
65d5ec52 SS	1	diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
	2	--- a/rules/stream-events.rules 2021-11-17 16:55:12.000000000 +0100
	3	+++ b/rules/stream-events.rules 2021-12-08 18:12:39.850189502 +0100
	4	@@ -89,7 +89,7 @@
	5	# rule to alert if a stream has excessive retransmissions
	6	alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
	7	# Packet on wrong thread. Fires at most once per flow.
	8	-alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
	9	+#alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
	10
	11	# Packet with FIN+SYN set
	12	alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:fin_syn; classtype:protocol-command-decode; sid:2210060; rev:1;)