Snort mailing list archives
[PATCH]: Change reserved bits in flags keyword to match RFC 3168
From: <Joshua.Kinard () us-cert gov>
Date: Mon, 20 Dec 2010 19:43:38 -0500
Hi snort-devel, In RFC 3168, Enhanced Congestion Notification (ECN) support was added to the IP specification. One of the changes was the use of the two formerly-reserved bits in the TCP Flags field. Snort currently marks these fields as '1' for reserved bit 1 and '2' for reserved bit 2. The attached patch changes this behavior. '1' is now 'C' and refers to the Congestion Window Reduced (CWR) bit. '2' is now 'E' and refers to the ECN-Echo (ECE) bit. The old values are still supported/parsed to avoid breaking any existing rulesets. Cheers, --J
Attachment:
snort-2.9.0.3-flags_rfc3168_compliant.patch
Description: snort-2.9.0.3-flags_rfc3168_compliant.patch
------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joshua.Kinard (Dec 20)
- Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 20)
- Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 21)