Re: [PATCH]: Count discards in DecodeTCP (src/decode.c)

[Russ Combs <rcombs () sourcefire com>]

Thanks Joshua.

I'm thinking that case isn't a real discard due to the unsure-encapsulation,
but I do see that it brings into question at least some of the UDP cases.

We'll take a closer look and get back to you.

On Fri, Aug 12, 2011 at 9:00 PM, <Joshua.Kinard () us-cert gov> wrote:

> Hi snort-devel,
>
> In DecodeUDP, there is a check for Teredo/ESP, and if found, the UDP
> header is set to NULL and the 'discards' and 'udisc' counts are
> incremented in 'pc' (via a call to PopUdp()).  In DecodeTCP, in the same
> check for Teredo/ESP, the TCP header is set to NULL, but neither
> 'discards' nor 'tdisc' are incremented.  The attached patch fixes this.
>
> Cheers!,
>
> --J
>
>
> ------------------------------------------------------------------------------
> FREE DOWNLOAD - uberSVN with Social Coding for Subversion.
> Subversion made easy with a complete admin console. Easy
> to use, easy to manage, easy to install, easy to extend.
> Get a Free download of the new open ALM Subversion platform now.
> http://p.sf.net/sfu/wandisco-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model 
configuration take the hassle out of deploying and managing Subversion and 
the tools developers use with it. Learn more about uberSVN and get a free 
download at:  http://p.sf.net/sfu/wandisco-dev2dev

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel