decode-ipv6: Set IPv6 proto in case of ext header parsing error #8917

@coledishington coledishington commented May 25, 2023

Set the IPv6 packet proto before parsing the ext headers, similar to decode-ipv4, in case of an ext header parsing error. Otherwise rule decode-events are not triggered for packets encapsulated in IPv6.

Bug: #6086.

Make sure these boxes are signed before submitting your Pull Request -- thank you.

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6086

Link to suricata-verify test case:
OISF/suricata-verify#1218

Describe changes:
Set the IPv6 packet proto before parsing the ext headers, similar to decode-ipv4, in case of an ext header parsing error.

SV_BRANCH=pr/1218

Set the IPv6 packet proto before parsing the ext headers, similar to
decode-ipv4, in case of an ext header parsing error. Otherwise
rule decode-events are not triggered for packets encapsulated in IPv6.

Bug: OISF#6086.
@codecov

codecov bot commented May 25, 2023

Codecov Report

Merging #8917 (bdaef81) into master (ebe0a7b) will increase coverage by 0.04%.
The diff coverage is 100.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8917      +/-   ##
==========================================
+ Coverage   82.30%   82.35%   +0.04%     
==========================================
  Files         969      969              
  Lines      273335   273336       +1     
==========================================
+ Hits       224961   225094     +133     
+ Misses      48374    48242     -132     
Flag Coverage Δ
fuzzcorpus 64.76% <100.00%> (+0.10%) ⬆️
suricata-verify 60.47% <100.00%> (+0.01%) ⬆️
unittests 62.94% <100.00%> (+<0.01%) ⬆️


@catenacyber
Contributor

Thanks for this @coledishington

What happens if we have 4 bytes of UDP header (instead of 0)?

Should (or do we already) have another decode event when a layer is missing?

@coledishington
Contributor Author

@catenacyber A partial UDP header triggers the same decode-event failures. For my use case, the difference between a partial (4B) UDP header and a zero-byte UDP header is not significant. Thanks

@catenacyber
Contributor

Thanks, could you open a new rebased Pull Request in Suricata with the reference to the new S-V PR?

@coledishington
Contributor Author

@catenacyber Created new pull request #8979. Thanks
