[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4-137-g4c6463f

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Fri Apr 19 07:06:15 UTC 2013

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  4c6463f3784f533a07679589dab713096137a439 (commit)
      from  00a691fc1b1960d444d21125d21890143ebb6d30 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4c6463f3784f533a07679589dab713096137a439
Author: Victor Julien <victor at inliniac.net>
Date:   Sat Apr 6 20:54:25 2013 +0200

    stream: handle extra different SYN/ACK

    Until now, when processing the TCP 3 way handshake (3whs), retransmissions
    of SYN/ACKs are silently accepted, unless they are different somehow. If
    the SEQ or ACK values are different they are considered wrong and events
    are set. The stream events rules will match on this.

    In some cases, this is wrong. If the client missed the SYN/ACK, the server
    may send a different one with a different SEQ. This commit deals with this.

    As it is impossible to predict which one the client will accept, each is
    added to a list. Then on receiving the final ACK from the 3whs, the list
    is checked and the state is updated according to the queued SYN/ACK.


Summary of changes:
 rules/stream-events.rules |    4 +-
 src/decode-events.h       |    1 +
 src/detect-engine-event.h |    1 +
 src/stream-tcp-private.h  |   21 ++-
 src/stream-tcp.c          |  568 +++++++++++++++++++++++++++++++++++++++++++--
 src/stream-tcp.h          |    1 +
 suricata.yaml.in          |    5 +-
 7 files changed, 582 insertions(+), 19 deletions(-)
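
The queue-and-match behaviour the commit message describes, as an added example that is not code from this commit or from Suricata. The `Session` and `SynAck` types, the function names and the `MAX_QUEUED` cap are hypothetical, and only SEQ/ACK numbers are tracked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical types for illustration; not Suricata's own structures. */
typedef struct SynAck { uint32_t seq, ack; struct SynAck *next; } SynAck;
typedef struct {
    uint32_t client_isn, server_isn;   /* server_isn valid once established */
    int established, queue_len;
    SynAck *queue;                     /* SYN/ACK candidates seen so far */
} Session;

#define MAX_QUEUED 5  /* assumed cap so stray SYN/ACKs cannot grow memory */

/* Returns 1 if the SYN/ACK is queued or already known, 0 if rejected. */
int on_synack(Session *s, uint32_t seq, uint32_t ack) {
    if (ack != (uint32_t)(s->client_isn + 1)) return 0;  /* does not answer our SYN */
    for (SynAck *q = s->queue; q; q = q->next)
        if (q->seq == seq) return 1;                     /* plain retransmission */
    if (s->queue_len >= MAX_QUEUED) return 0;
    SynAck *q = malloc(sizeof(*q));
    if (!q) return 0;
    q->seq = seq; q->ack = ack; q->next = s->queue;
    s->queue = q; s->queue_len++;
    return 1;
}

/* Final ACK of the 3whs: its ACK number selects the SYN/ACK the client took. */
int on_final_ack(Session *s, uint32_t seq, uint32_t ack) {
    if (seq != (uint32_t)(s->client_isn + 1)) return 0;
    for (SynAck *q = s->queue; q; q = q->next) {
        if (ack != (uint32_t)(q->seq + 1)) continue;
        s->server_isn = q->seq;            /* adopt the accepted SYN/ACK's SEQ */
        s->established = 1;
        while (s->queue) { SynAck *n = s->queue->next; free(s->queue); s->queue = n; }
        s->queue_len = 0;
        return 1;
    }
    return 0;  /* matches no queued SYN/ACK: leave state untouched */
}

int main(void) {
    Session s = { .client_isn = 1000 };          /* constructed sample values */
    on_synack(&s, 5000, 1001);                   /* first SYN/ACK, missed by the client */
    on_synack(&s, 9000, 1001);                   /* different SYN/ACK from the server */
    int ok = on_final_ack(&s, 1001, 9001);       /* client acknowledges the second */
    printf("established=%d server_isn=%u\n", ok, (unsigned)s.server_isn);
    return 0;
}
```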

