[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.4-137-g4c6463f
noreply at openinfosecfoundation.org
Fri Apr 19 07:06:15 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 4c6463f3784f533a07679589dab713096137a439 (commit)
from 00a691fc1b1960d444d21125d21890143ebb6d30 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4c6463f3784f533a07679589dab713096137a439
Author: Victor Julien <victor at inliniac.net>
Date: Sat Apr 6 20:54:25 2013 +0200
stream: handle extra different SYN/ACK

Until now, when processing the TCP 3 way handshake (3whs), retransmissions
of SYN/ACKs are silently accepted, unless they are different somehow. If
the SEQ or ACK values are different they are considered wrong and events
are set. The stream events rules will match on this.

In some cases, this is wrong. If the client missed the SYN/ACK, the server
may send a different one with a different SEQ. This commit deals with this.

As it is impossible to predict which one the client will accept, each is
added to a list. Then on receiving the final ACK from the 3whs, the list
is checked and the state is updated according to the queued SYN/ACK.
-----------------------------------------------------------------------
Summary of changes:
rules/stream-events.rules | 4 +-
src/decode-events.h | 1 +
src/detect-engine-event.h | 1 +
src/stream-tcp-private.h | 21 ++-
src/stream-tcp.c | 568 +++++++++++++++++++++++++++++++++++++++++++--
src/stream-tcp.h | 1 +
suricata.yaml.in | 5 +-
7 files changed, 582 insertions(+), 19 deletions(-)
hooks/post-receive
--
OISF
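
The queueing approach described in the commit message, as an added illustration; it is not code from the Suricata commit. The struct and function names, the queue cap of 5 and the sample sequence numbers are assumptions made for this example.

```c
#include <stdint.h>

#define MAX_QUEUED 5 /* assumed cap so a SYN/ACK flood cannot grow the list */
enum { SA_QUEUED, SA_RETRANSMIT, SA_BAD_ACK, SA_QUEUE_FULL };
typedef struct { uint32_t seq, ack; } SynAck;

typedef struct {
    uint32_t client_isn;        /* SEQ of the client's SYN */
    uint32_t server_isn;        /* set once the final ACK picks a SYN/ACK */
    SynAck   queue[MAX_QUEUED]; /* every distinct SYN/ACK seen so far */
    int      queued;
} Handshake;

/* Server -> client SYN/ACK: queue it instead of flagging a changed SEQ. */
int on_synack(Handshake *h, uint32_t seq, uint32_t ack)
{
    if (ack != h->client_isn + 1)
        return SA_BAD_ACK;               /* does not acknowledge the SYN */
    for (int i = 0; i < h->queued; i++)
        if (h->queue[i].seq == seq)
            return SA_RETRANSMIT;        /* identical copy, nothing new */
    if (h->queued == MAX_QUEUED)
        return SA_QUEUE_FULL;            /* a point where an event could be set */
    h->queue[h->queued++] = (SynAck){ seq, ack };
    return SA_QUEUED;
}

/* Client -> server final ACK: index of the SYN/ACK it accepts, or -1. */
int on_final_ack(Handshake *h, uint32_t seq, uint32_t ack)
{
    if (seq != h->client_isn + 1)
        return -1;                       /* not the ACK that follows our SYN */
    for (int i = 0; i < h->queued; i++) {
        if (ack == h->queue[i].seq + 1) { /* client acknowledged this one */
            h->server_isn = h->queue[i].seq;
            return i;
        }
    }
    return -1;                           /* ACK matches no queued SYN/ACK */
}

int main(void)
{
    Handshake h = { .client_isn = 1000 };  /* constructed sample values */
    on_synack(&h, 5000, 1001);             /* first SYN/ACK, lost in transit */
    on_synack(&h, 9000, 1001);             /* second one, different SEQ */
    return on_final_ack(&h, 1001, 9001) == 1 ? 0 : 1;
}
```

Sequence arithmetic is done in `uint32_t`, so the `+ 1` comparisons stay correct when an initial sequence number sits at the wraparound boundary.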