Snort mailing list archives
Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 21 Dec 2010 09:33:51 -0500
Bug has been filed.

Joel

On Dec 20, 2010, at 7:43 PM, <Joshua.Kinard () us-cert gov> <Joshua.Kinard () us-cert gov> wrote:

Hi snort-devel,

In RFC 3168, Enhanced Congestion Notification (ECN) support was added to the IP specification. One of the changes was the use of the two formerly-reserved bits in the TCP Flags field. Snort currently marks these fields as '1' for reserved bit 1 and '2' for reserved bit 2.

The attached patch changes this behavior. '1' is now 'C' and refers to the Congestion Window Reduced (CWR) bit. '2' is now 'E' and refers to the ECN-Echo (ECE) bit. The old values are still supported/parsed to avoid breaking any existing rulesets.

Cheers,

--J

<snort-2.9.0.3-flags_rfc3168_compliant.patch>

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
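The backward-compatible letter mapping described in the message above, as an added example that is not part of the original post or the attached patch. The function names and `FLAG_*` constants are this example's own (hypothetical); the bit positions follow RFC 3168, and only plain flag letters are handled.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions in the TCP header flags byte (RFC 793, RFC 3168). */
#define FLAG_FIN 0x01
#define FLAG_SYN 0x02
#define FLAG_RST 0x04
#define FLAG_PSH 0x08
#define FLAG_ACK 0x10
#define FLAG_URG 0x20
#define FLAG_ECE 0x40 /* ECN-Echo, formerly reserved bit 2 */
#define FLAG_CWR 0x80 /* Congestion Window Reduced, formerly reserved bit 1 */

/* Hypothetical helper: turn a string of flag letters into a bitmask.
 * Accepts the RFC 3168 letters 'C'/'E' and the legacy aliases '1'/'2'.
 * Returns 0 on success, -1 on an unrecognised character. */
int parse_flag_letters(const char *spec, uint8_t *mask)
{
    uint8_t m = 0;
    for (; *spec != '\0'; spec++) {
        switch (toupper((unsigned char)*spec)) {
        case 'F': m |= FLAG_FIN; break;
        case 'S': m |= FLAG_SYN; break;
        case 'R': m |= FLAG_RST; break;
        case 'P': m |= FLAG_PSH; break;
        case 'A': m |= FLAG_ACK; break;
        case 'U': m |= FLAG_URG; break;
        case 'C': case '1': m |= FLAG_CWR; break; /* legacy '1' == 'C' */
        case 'E': case '2': m |= FLAG_ECE; break; /* legacy '2' == 'E' */
        case '0': break;                          /* "no flags set" */
        default:  return -1;
        }
    }
    *mask = m;
    return 0;
}

/* Render a mask using only the new letters; buf must hold 9 bytes. */
const char *format_flag_letters(uint8_t mask, char buf[9])
{
    static const char letters[] = "FSRPAUEC"; /* index = bit position */
    int n = 0;
    for (int bit = 7; bit >= 0; bit--)
        if (mask & (1u << bit))
            buf[n++] = letters[bit];
    if (n == 0)
        buf[n++] = '0';
    buf[n] = '\0';
    return buf;
}
```

A rule written with the legacy `12` and one written with `CE` parse to the same mask (0xC0), which is what keeps existing rulesets working.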