Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168

[Joel Esler <jesler () sourcefire com>]

Bug has been filed.

Joel

On Dec 20, 2010, at 7:43 PM, <Joshua.Kinard () us-cert gov> <Joshua.Kinard () us-cert gov> wrote:

> Hi snort-devel,
>
> In RFC 3168, Enhanced Congestion Notification (ECN) support was added to
> the IP specification.  One of the changes was the use of the two
> formerly-reserved bits in the TCP Flags field.  Snort currently marks
> these fields as '1' for reserved bit 1 and '2' for reserved bit 2.
>
> The attached patch changes this behavior.  '1' is now 'C' and refers to
> the Congestion Window Reduced (CWR) bit.  '2' is now 'E' and refers to
> the ECN-Echo (ECE) bit.  The old values are still supported/parsed to
> avoid breaking any existing rulesets.
>
> Cheers,
>
> --J
> <snort-2.9.0.3-flags_rfc3168_compliant.patch>------------------------------------------------------------------------------
> Lotusphere 2011
> Register now for Lotusphere 2011 and learn how
> to connect the dots, take your collaborative environment
> to the next level, and enter the era of Social Business.
> http://p.sf.net/sfu/lotusphere-d2d_______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel


------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel