[Oisf-devel] ip fragments
chetan loke
loke.chetan at gmail.com
Sun Jul 3 15:29:06 UTC 2011
On Sat, Jul 2, 2011 at 3:05 AM, Victor Julien <victor at inliniac.net> wrote:
> On 07/01/2011 08:37 PM, chetan loke wrote:
>> Hello,
>>
>> Quick question:
>>
>> Suricata decoders can handle ip-fragments that arrive out-of-order,correct?
>>
>> As long as the fragments(of the flow-tuple) get routed to the same
>> socket we should be good, correct?
>
> Yes, thats right.
Ok, then I will rely on MF and ip_id to detect matching fragments.
> Victor Julien
Chetan Loke
More information about the Oisf-devel
mailing list