Snort mailing list archives
Re: [PATCH]: Count discards in DecodeTCP (src/decode.c)
From: <Joshua.Kinard () us-cert gov>
Date: Mon, 15 Aug 2011 18:37:54 -0500
From: Russ Combs [mailto:rcombs () sourcefire com]
Thanks Joshua. I'm thinking that case isn't a real discard due to the unsure-encapsulation, but I do see that it brings into question at least some of the UDP cases. We'll take a closer look and get back to you.
Okay, thanks Russ! Please let me know the correct course of action. I am emulating this bit in the SCTP decoder I am working on and don't want to emulate incorrect behavior. I did notice that 2.9.0.5 is easily confused by ESP packets, often misinterpreting them as other protocols. 2.9.1 fixes this, and I suspect it is this particular code block in each of the Decode* functions.
Cheers,
--J
Current thread:
- [PATCH]: Count discards in DecodeTCP (src/decode.c) Joshua.Kinard (Aug 12)
- Re: [PATCH]: Count discards in DecodeTCP (src/decode.c) Russ Combs (Aug 15)
- Re: [PATCH]: Count discards in DecodeTCP (src/decode.c) Joshua.Kinard (Aug 15)
- Re: [PATCH]: Count discards in DecodeTCP (src/decode.c) Russ Combs (Aug 15)