git.ipfire.org Git - thirdparty/suricata.git/commit
proto/detect: workaround dns misdetected as dcerpc
author Victor Julien <victor@inliniac.net>
Wed, 19 Dec 2018 10:49:42 +0000 (11:49 +0100)
committer Victor Julien <victor@inliniac.net>
Sat, 16 Feb 2019 13:58:18 +0000 (14:58 +0100)
commit 75488b00a8ad41df9cbfa7e4da24a83595fcc226
tree fb15959b2e48f6e43067406cf49368a1fbb49c17
parent 21e15e2911bb72daf5ac4f523ff25c4271058534

The DCERPC UDP detection would misfire on DNS with transaction
ID 0x0400. This would happen as the protocol detection engine
gives preference to pattern based detection over probing parsers for
performance reasons.

This hack/workaround fixes this specific case by still running the
probing parser if DCERPC has been detected on UDP. The probing
parser result will take precedence.

Bug #2736.
src/app-layer-detect-proto.c
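
An added toy model of the misdetection described in the commit message above; it is not Suricata code and not part of the commit. The two-byte DCERPC pattern, the DNS header check, the sample packets and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not Suricata code: every name and check here is an assumption. */
enum proto { P_UNKNOWN, P_DCERPC, P_DNS };

/* Pattern stage (assumed pattern): connectionless DCERPC starts with
 * rpc_vers=4, ptype=0, the same bytes as DNS transaction ID 0x0400. */
static enum proto pattern_match(const uint8_t *b, size_t n)
{
    return (n >= 2 && b[0] == 0x04 && b[1] == 0x00) ? P_DCERPC : P_UNKNOWN;
}

/* Probing stage: minimal structural check of a DNS query header. */
static enum proto probe_dns(const uint8_t *b, size_t n)
{
    if (n < 12) return P_UNKNOWN;
    uint16_t flags = (uint16_t)(b[2] << 8 | b[3]);
    uint16_t qdcount = (uint16_t)(b[4] << 8 | b[5]);
    /* Require QR=0, opcode=0, Z bit clear and exactly one question. */
    return ((flags & 0xF840) == 0 && qdcount == 1) ? P_DNS : P_UNKNOWN;
}

/* Before: a pattern hit ends detection, so the probing parser never runs. */
static enum proto detect_before(const uint8_t *b, size_t n)
{
    enum proto p = pattern_match(b, n);
    return p != P_UNKNOWN ? p : probe_dns(b, n);
}

/* After: a DCERPC pattern hit on UDP still runs the probing parser,
 * and a positive probing result takes precedence. */
static enum proto detect_after(const uint8_t *b, size_t n)
{
    enum proto p = pattern_match(b, n);
    enum proto q = (p == P_UNKNOWN || p == P_DCERPC) ? probe_dns(b, n) : P_UNKNOWN;
    return q != P_UNKNOWN ? q : p;
}

/* Constructed DNS query: ID 0x0400, RD set, one question ("a", A, IN). */
static const uint8_t dns_q[] = { 0x04,0x00, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0,
                                 0x01,'a',0x00, 0x00,0x01, 0x00,0x01 };
/* Constructed first bytes of a connectionless DCERPC request. */
static const uint8_t rpc_req[] = { 0x04,0x00,0x20,0x00,0x10,0,0,0,0,0,0,0 };

int main(void)
{
    printf("dns: before=%d after=%d\n", detect_before(dns_q, sizeof dns_q),
           detect_after(dns_q, sizeof dns_q));
    printf("rpc: after=%d\n", detect_after(rpc_req, sizeof rpc_req));
    return 0;
}
```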