decode/ipv4: add missing ip-in-ip case handling - 70x backport - v1

Open jufajardini opened this issue 5 months ago • 2 comments

A flow with IPv4 IP in IP traffic won't handle this tunneling case properly. This leads to potential malicious traffic not triggering alerts, as well as other inaccuracies in the logs.

Bug #7725

(cherry-picked from commit e3e24cfb3d6382507aaf390bf697efae9c5f6c64)

Link to ticket: https://redmine.openinfosecfoundation.org/issues/ https://redmine.openinfosecfoundation.org/issues/7726 https://redmine.openinfosecfoundation.org/issues/7725

Describe changes:

  • not exactly a cherry-pick, but same effect

Provide values to any of the below to override the defaults.

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/2571

jufajardini, Jun 14 '25 00:06