[Oisf-devel] Suggestions about feature #447

giuseppe at securitymind.it giuseppe at securitymind.it
Wed Jan 16 09:25:38 UTC 2013


On Tue, 15 Jan 2013 18:14:56 +0100, Victor Julien <victor at inliniac.net>
wrote:
> (please keep this on list)
> 
> On 01/15/2013 06:10 PM, giuseppe at securitymind.it wrote:
>> On Tue, 15 Jan 2013 10:58:50 +0100, Victor Julien <victor at inliniac.net>
>> wrote:
>>> On 01/14/2013 09:03 PM, giuseppe at securitymind.it wrote:
>>>> Hi,
>>>> These past days I studied the code regarding defragmentation
>>>> to understand how it works and to implement the best features
>>>> discussed.
>>>>
>>>> If I understand correctly, in the function DefragContextNew, I have to
>>>> set up the correct IP frag timeout value
>>>> in the variable timeout.
>>>>
>>>> The value to be used can be taken by the function DefragGetOsPolicy,
>>>> which according to the destination address returns me the OS type,
>>>> right?
>>>
>>> Sounds right :)
>>
>> This value (src/defrag.c, line 546):
>> tracker->timeout = p->ts.tv_sec + defrag_context->timeout;
>>
>> is related to the IP fragmentation timeout value?
> 
> Yes, the timeout is reset for each packet.

Well, then, the timeout value in DefragContextNew should match the IP frag
timeout value of the OS that's running Suricata
and then be reset with the IP frag timeout value of the destination OS?


