alert ipv6 any any -> any any (msg:"SURICATA reserved field in Frag Header not zero"; decode-event:ipv6.fh_non_zero_reserved_field; sid:2200095; rev:1;)
# Data after the 'none' header (59) is suspicious.
alert ipv6 any any -> any any (msg:"SURICATA data after none (59) header"; decode-event:ipv6.data_after_none_header; sid:2200096; rev:1;)
+# unknown/unsupported next header / protocol. Valid protocols are not yet supported, so disabling by default
+#alert ipv6 any any -> any any (msg:"SURICATA unknown next header / protocol"; decode-event:ipv6.unknown_next_header; sid:2200097; rev:1;)
alert ipv6 any any -> any any (msg:"SURICATA IPv6 with ICMPv4 header"; decode-event:ipv6.icmpv4; sid:2200090; rev:1;)
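Review bot: The comment above the disabled rule (sid 2200097) is ambiguous, because "Valid protocols are not yet supported" can be read as a limitation of the rule rather than of the decoder. Judging by the decoder hunks, the event is raised for every next header value that has no case of its own, so enabling the rule will also alert on legitimate traffic. I would word it as `# Raised for any next header the decoder does not handle, including valid but unsupported protocols; disabled by default to avoid false positives.` It is also worth stating that while the rule stays commented out, packets with an unrecognised next header produce no decoder alert.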
alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 packet too small"; decode-event:icmpv4.pkt_too_small; sid:2200023; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 unknown type"; decode-event:icmpv4.unknown_type; sid:2200024; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 packet too short"; decode-event:ipv6.ipv6_in_ipv6_too_small; sid:2200084; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; sid:2200085; rev:1;)
-# next sid is 2200097
+# next sid is 2200098
IPV6_FH_NON_ZERO_RES_FIELD, /**< reserved field not zero */
IPV6_DATA_AFTER_NONE_HEADER, /**< data after 'none' (59) header */
+ IPV6_UNKNOWN_NEXT_HEADER, /**< unknown/unsupported next header */
IPV6_WITH_ICMPV4, /**< IPv6 packet with ICMPv4 header */
/* TCP EVENTS */
plen -= hdrextlen;
break;
default:
+ ENGINE_SET_EVENT(p, IPV6_UNKNOWN_NEXT_HEADER);
IPV6_SET_L4PROTO(p,nh);
SCReturn;
}
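Review bot: The event set in this `default:` branch fires for every next-header value that falls through the switch, so a legitimate protocol without a case is flagged the same way as an unassigned value. Neither the call site nor the enum doc comment says this. A short comment here would stop it being read as a malformed-packet signal: `/* no case for this nh: may be a valid upper-layer protocol, not necessarily an anomaly */`. The same applies to the second `default:` branch, which sets the event before `IPV6_SET_L4PROTO (p, IPV6_GET_NH(p));`. The enclosing switch and function start and end outside the hunk.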
ENGINE_SET_EVENT(p,IPV6_WITH_ICMPV4);
break;
default:
+ ENGINE_SET_EVENT(p, IPV6_UNKNOWN_NEXT_HEADER);
IPV6_SET_L4PROTO (p, IPV6_GET_NH(p));
break;
}
{ "ipv6.zero_len_padn", IPV6_EXTHDR_ZERO_LEN_PADN, },
{ "ipv6.fh_non_zero_reserved_field", IPV6_FH_NON_ZERO_RES_FIELD, },
{ "ipv6.data_after_none_header", IPV6_DATA_AFTER_NONE_HEADER, },
+ { "ipv6.unknown_next_header", IPV6_UNKNOWN_NEXT_HEADER, },
{ "ipv6.icmpv4", IPV6_WITH_ICMPV4, },
/* TCP EVENTS */