Snort mailing list archives
Re: TCP Urgent data causes HTTPInspect to fail and prevents PAF to flush
From: Russ <rucombs () cisco com>
Date: Fri, 16 Dec 2016 07:16:20 -0500
Will check it out, thanks!

On 12/16/16 5:58 AM, hey wrote:
Thanks for the reply and the RFC. The issue affects snort 2.9.9.0 too. The one-line patch below makes PAF skip urgent data, please let me know if you see any problem with it. Thanks, ----------------- From: "Pierre Nicolas-Nicolaz, Future Systems" Date: Fri, 16 Dec 2016 10:33:24 +0000 Subject: [PATCH] Make PAF skip urgent data --- src/preprocessors/Stream6/snort_stream_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/preprocessors/Stream6/snort_stream_tcp.c b/src/preprocessors/Stream6/snort_stream_tcp.c index 1280d1e..e18b628 100644 --- a/src/preprocessors/Stream6/snort_stream_tcp.c +++ b/src/preprocessors/Stream6/snort_stream_tcp.c @@ -9753,7 +9753,7 @@ static inline uint32_t flush_pdu_ips ( StreamTcpConfig *config, TcpSession *ssn, wire_packet = pkt; flush_policy_for_dir = trk->flush_mgr.flush_policy; flush_pt = s5_paf_check( config->paf_config, &trk->paf_state, ssn->scb, - seg->payload, size, total, seg->seq, srv_port, + seg->payload+seg->urg_offset, size, total, seg->seq, srv_port, flags, trk->flush_mgr.flush_pt); if (*flags & PKT_PURGE) {
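Review bot: In the `s5_paf_check(...)` call, the data pointer becomes `seg->payload+seg->urg_offset` while `size`, `total` and `seg->seq` are passed unchanged, so the length and sequence number may no longer describe the buffer handed to PAF. Unless `size` was already reduced by `seg->urg_offset` above this hunk, the scan can read `urg_offset` bytes past the end of the segment payload, and `seg->seq` would still refer to the skipped bytes rather than the first byte scanned. Suggest adjusting the arguments together (for example `size - seg->urg_offset`, after checking `seg->urg_offset <= size`) and confirming whether the sequence argument should move with the pointer, or adding a comment at the call stating where `size` already accounts for the offset.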
Snort-devel mailing list
https://lists.sourceforge.net/lists/listinfo/snort-devel