From fa2ce043cf6463903d1d68df67a6509920f63329 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 2 Nov 2018 16:59:40 +0100
Subject: [PATCH] ipv6: disable zero len padN rule by default

---
 rules/decoder-events.rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/decoder-events.rules b/rules/decoder-events.rules
index ffa017c24..d2703147f 100644
--- a/rules/decoder-events.rules
+++ b/rules/decoder-events.rules
@@ -37,8 +37,8 @@ alert pkthdr any any -> any any (msg:"SURICATA IPv6 DSTOPTS unknown option"; dec
 alert pkthdr any any -> any any (msg:"SURICATA IPv6 DSTOPTS only padding"; decode-event:ipv6.dstopts_only_padding; classtype:protocol-command-decode; sid:2200089; rev:2;)
 # Type 0 Routing header deprecated per RFC 5095
 alert ipv6 any any -> any any (msg:"SURICATA RH Type 0"; decode-event:ipv6.rh_type_0; classtype:protocol-command-decode; sid:2200093; rev:2;)
-# padN option with zero length field
-alert ipv6 any any -> any any (msg:"SURICATA zero length padN option"; decode-event:ipv6.zero_len_padn; classtype:protocol-command-decode; sid:2200094; rev:2;)
+# padN option with zero length field. This is not uncommon, so disabled by default.
+#alert ipv6 any any -> any any (msg:"SURICATA zero length padN option"; decode-event:ipv6.zero_len_padn; classtype:protocol-command-decode; sid:2200094; rev:2;)
 # Frag Header 'length' field is reserved and should be 0
 alert ipv6 any any -> any any (msg:"SURICATA reserved field in Frag Header not zero"; decode-event:ipv6.fh_non_zero_reserved_field; classtype:protocol-command-decode; sid:2200095; rev:2;)
 # Data after the 'none' header (59) is suspicious.
-- 
2.39.2
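Review bot: The new comment above the commented-out sid:2200094 says a zero-length padN is "not uncommon" but gives no reason, so an operator cannot tell whether re-enabling it is worthwhile. A PadN option with Opt Data Len 0 is the valid encoding for two octets of padding, so the rule fires on conforming traffic. I would spell that out, for example `# padN option with zero length field. Valid encoding for 2 octets of padding and common in normal traffic, so disabled by default; uncomment to alert on it.` The commit message or changelog should also mention that deployments matching on sid:2200094 stop receiving this alert after a rule update. If decoder-event stats counters are enabled, the ipv6.zero_len_padn event should presumably still be counted there, and the comment could point to that.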