git.ipfire.org Git - thirdparty/suricata.git/commit

]> git.ipfire.org Git - thirdparty/suricata.git/commit

projects / thirdparty / suricata.git / commit

author	Victor Julien <victor@inliniac.net>
	Wed, 8 Feb 2017 12:55:34 +0000 (13:55 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 8 Feb 2017 12:55:34 +0000 (13:55 +0100)
commit	86222428dd51adf2b6ff562a49e0e1ed22e0da76
tree	293c52f15ab20955401c63accee54f34c2a85bd5	tree
parent	4683b0e662aa1349168c9706440aaeab1bef0e47	commit \| diff

detect: don't run IP inspection on non-IP packets

The code to get the rule group (sgh) would return the group for
IP proto 0 instead of nothing. This lead to certain types of rules
unintentionally matching (False Positive).

Since the packets weren't actually IP, the logged alert records
were missing the IP header.

Bug #2017.

src/detect.c

diff | blob | blame | history

Mirror of https://github.com/OISF/suricata.git

RSS Atom