alert pkthdr any any -> any any (msg:"SURICATA IPv4 invalid option length"; decode-event:ipv4.opt_invalid_len; sid:2200005; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv4 malformed option"; decode-event:ipv4.opt_malformed; sid:2200006; rev:1;)
#alert pkthdr any any -> any any (msg:"SURICATA IPv4 padding required "; decode-event:ipv4.opt_pad_required; sid:2200007; rev:1;)
+alert pkthdr any any -> any any (msg:"SURICATA IPv4 with ICMPv6 header"; decode-event:ipv4.icmpv6; sid:2200092; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv4 option end of list required"; decode-event:ipv4.opt_eol_required; sid:2200008; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv4 duplicated IP option"; decode-event:ipv4.opt_duplicate; sid:2200009; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv4 unknown IP option"; decode-event:ipv4.opt_unknown; sid:2200010; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 packet too short"; decode-event:ipv6.ipv6_in_ipv6_too_small; sid:2200084; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; sid:2200085; rev:1;)
-# next sid is 2200092
+# next sid is 2200093
IPV4_OPT_DUPLICATE, /**< duplicated ip option */
IPV4_OPT_UNKNOWN, /**< unknown ip option */
IPV4_WRONG_IP_VER, /**< wrong ip version in ip options */
+ IPV4_WITH_ICMPV6, /**< IPv4 packet with ICMPv6 header */
/* ICMP EVENTS */
ICMPV4_PKT_TOO_SMALL, /**< icmpv4 packet smaller than minimum size */
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), pq);
}
break;
+ case IPPROTO_ICMPV6:
+ ENGINE_SET_INVALID_EVENT(p, IPV4_WITH_ICMPV6);
+ break;
}
return TM_ECODE_OK;
{ "ipv4.opt_duplicate", IPV4_OPT_DUPLICATE, },
{ "ipv4.opt_unknown", IPV4_OPT_UNKNOWN, },
{ "ipv4.wrong_ip_version", IPV4_WRONG_IP_VER, },
+ { "ipv4.icmpv6", IPV4_WITH_ICMPV6, },
/* ICMP EVENTS */
{ "icmpv4.pkt_too_small", ICMPV4_PKT_TOO_SMALL, },
projects / thirdparty / suricata.git / commitdiff
