From: Jason Ish <ish@unx.ca>
Date: Wed, 20 Mar 2019 12:45:49 +0000 (-0600)
Subject: rules: add mpls packet too small decoder rule
X-Git-Tag: suricata-5.0.0-beta1~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=275e8f280dc46d8e5d8a4dc28b134c222dc5d730;p=thirdparty%2Fsuricata.git

rules: add mpls packet too small decoder rule
---

diff --git a/rules/decoder-events.rules b/rules/decoder-events.rules
index d2703147f1..6518a17500 100644
--- a/rules/decoder-events.rules
+++ b/rules/decoder-events.rules
@@ -123,6 +123,7 @@ alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; d
 
 # MPLS rules
 alert pkthdr any any -> any any (msg:"SURICATA MPLS header too small"; decode-event:mpls.header_too_small; classtype:protocol-command-decode; sid:2200111; rev:2;)
+alert pkthdr any any -> any any (msg:"SURICATA MPLS packet too small"; decode-event:mpls.pkt_too_small; classtype:protocol-command-decode; sid:2200114; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA MPLS bad router alert label"; decode-event:mpls.bad_label_router_alert; classtype:protocol-command-decode; sid:2200098; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA MPLS bad implicit null label"; decode-event:mpls.bad_label_implicit_null; classtype:protocol-command-decode; sid:2200099; rev:2;)
 alert pkthdr any any -> any any (msg:"SURICATA MPLS reserved label"; decode-event:mpls.bad_label_reserved; classtype:protocol-command-decode; sid:2200100; rev:2;)
@@ -142,5 +143,5 @@ alert pkthdr any any -> any any (msg:"SURICATA ERSPAN too many vlan layers"; dec
 # Cisco Fabric Path/DCE
 alert pkthdr any any -> any any (msg:"SURICATA DCE packet too small"; decode-event:dce.pkt_too_small; classtype:protocol-command-decode; sid:2200110; rev:2;)
 
-# next sid is 2200113
+# next sid is 2200114