alert pkthdr any any -> any any (msg:"SURICATA VLAN too many layers"; decode-event:vlan.too_many_layers; sid:2200091; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IP raw invalid IP version "; decode-event:ipraw.invalid_ip_version; sid:2200068; rev:1;)
-alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv4 Packet size too large"; decode-event:ipv4.frag_too_large; sid:2200069; rev:1;)
+alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv4 Packet size too large"; decode-event:ipv4.frag_pkt_too_large; sid:2200069; rev:2;)
alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv4 Fragmentation overlap"; decode-event:ipv4.frag_overlap; sid:2200070; rev:1;)
-alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv6 Packet size too large"; decode-event:ipv6.frag_too_large; sid:2200071; rev:1;)
+alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv6 Packet size too large"; decode-event:ipv6.frag_pkt_too_large; sid:2200071; rev:2;)
alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv6 Fragmentation overlap"; decode-event:ipv6.frag_overlap; sid:2200072; rev:1;)
# checksum rules
{ "decoder.sctp.pkt_too_small", SCTP_PKT_TOO_SMALL, },
/* Fragmentation reasembly events. */
- { "decoder.ipv4.frag_too_large", IPV4_FRAG_PKT_TOO_LARGE, },
- { "decoder.ipv6.frag_too_large", IPV6_FRAG_PKT_TOO_LARGE, },
+ { "decoder.ipv4.frag_pkt_too_large", IPV4_FRAG_PKT_TOO_LARGE, },
+ { "decoder.ipv6.frag_pkt_too_large", IPV6_FRAG_PKT_TOO_LARGE, },
{ "decoder.ipv4.frag_overlap", IPV4_FRAG_OVERLAP, },
{ "decoder.ipv6.frag_overlap", IPV6_FRAG_OVERLAP, },
/* Fragment ignored due to internal error */
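Review bot: The old event names `decoder.ipv4.frag_too_large` and `decoder.ipv6.frag_too_large` are removed from this table with no alias. A locally maintained rule that still says `decode-event:ipv4.frag_too_large` will presumably fail to load or stop matching after the upgrade, which leaves a quiet detection gap. If the lookup tolerates two strings for one enum value, consider keeping the old spellings for a release, e.g. `{ "decoder.ipv4.frag_too_large", IPV4_FRAG_PKT_TOO_LARGE, }, /* deprecated alias */`. Otherwise the rename should be called out in the upgrade notes, alongside the rev:2 bump on sids 2200069 and 2200071. The table starts and ends outside the hunk.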
insert:
if (data_len - ltrim <= 0) {
- if (af == AF_INET) {
- ENGINE_SET_EVENT(p, IPV4_FRAG_TOO_LARGE);
- } else {
- ENGINE_SET_EVENT(p, IPV6_FRAG_TOO_LARGE);
- }
+ /* Full packet has been trimmed due to the overlap policy. Overlap
+ * already set. */
goto done;
}
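Review bot: The early `goto done` no longer raises an event of its own and relies on the comment's claim that the overlap event was already set. Nothing in the visible lines shows that every path which increases `ltrim` also sets `IPV4_FRAG_OVERLAP` or `IPV6_FRAG_OVERLAP`. A fragment trimmed to nothing is worth seeing in the alert stream, so I would name in the comment where the event is set, and add a unit test asserting that a fully overlapped fragment raises the overlap event. Separately, `data_len - ltrim <= 0` only behaves as written if the subtraction is signed, and the declarations are outside the hunk; `if (ltrim >= data_len) {` states the same condition without depending on that. The enclosing function starts and ends outside the hunk.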