[Oisf-devel] Suggestions about feature #447

Victor Julien victor at inliniac.net
Wed Jan 16 12:27:07 UTC 2013


On 01/16/2013 10:25 AM, giuseppe at securitymind.it wrote:
> On Tue, 15 Jan 2013 18:14:56 +0100, Victor Julien <victor at inliniac.net>
> wrote:
>> (please keep this on list)
>>
>> On 01/15/2013 06:10 PM, giuseppe at securitymind.it wrote:
>>> On Tue, 15 Jan 2013 10:58:50 +0100, Victor Julien <victor at inliniac.net>
>>> wrote:
>>>> On 01/14/2013 09:03 PM, giuseppe at securitymind.it wrote:
>>>>> Hi,
>>>>> These past days I studied the code regarding defragmentation
>>>>> to understand how it works and to implement the best features
>>>>> discussed.
>>>>>
>>>>> If I understand correctly, in the function DefragContextNew, I have to
>>>>> set up the correct ip frag timeout value
>>>>> in the variable timeout.
>>>>>
>>>>> The value to be used can be taken from the function DefragGetOsPolicy,
>>>>> which according to the destination address returns me the OS type,
>>>>> right?
>>>>
>>>> Sounds right :)
>>>
>>> This value (src/defrag.c, line 546):
>>> tracker->timeout = p->ts.tv_sec + defrag_context->timeout;
>>>
>>> is it regarding the ip fragmentation timeout value?
>>
>> Yes, the timeout is reset for each packet.
> 
> Well, then, the timeout value in DefragContextNew should match ip frag
> timeout value of the OS that's running suricata
> and then reset with the ip frag timeout value of the destination OS?
> 

The OS that is used by the box running Suricata isn't important.

What the timeout value should be set to is the destination OS' value.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
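
Added example, not part of the original message and not Suricata's code: a minimal fragment tracker whose timeout is chosen from the destination address's OS policy and reset on every fragment, as the thread describes. All names, the policy table and the timeout values are hypothetical placeholders constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical policy ids and timeouts in seconds: constructed placeholders,
 * not Suricata's enum and not measured OS defaults. */
enum os_policy { OS_DEFAULT, OS_A, OS_B, OS_POLICY_MAX };
static const time_t frag_timeout[OS_POLICY_MAX] = { 60, 30, 15 };

/* Constructed destination-network -> policy table. */
struct policy_net { uint32_t net, mask; enum os_policy os; };
static const struct policy_net policy_nets[] = {
    { 0x0A000100u, 0xFFFFFF00u, OS_A },  /* 10.0.1.0/24 */
    { 0x0A000200u, 0xFFFFFF00u, OS_B },  /* 10.0.2.0/24 */
};

struct tracker { uint32_t dst; time_t per_frag; time_t expires; int frags; };

static enum os_policy policy_for_dst(uint32_t dst) {
    for (size_t i = 0; i < sizeof policy_nets / sizeof policy_nets[0]; i++)
        if ((dst & policy_nets[i].mask) == policy_nets[i].net)
            return policy_nets[i].os;
    return OS_DEFAULT;
}

/* First fragment: the timeout depends on the destination's OS policy only;
 * the OS of the sensor itself plays no part. */
static void tracker_init(struct tracker *t, uint32_t dst, time_t now) {
    t->dst = dst;
    t->per_frag = frag_timeout[policy_for_dst(dst)];
    t->expires = now + t->per_frag;
    t->frags = 1;
}

/* Later fragment: returns 1 if it joined the pending datagram, 0 if the
 * tracker had expired and was restarted with this fragment. */
static int tracker_add_fragment(struct tracker *t, time_t now) {
    if (now > t->expires) { tracker_init(t, t->dst, now); return 0; }
    t->frags++;
    t->expires = now + t->per_frag;  /* timeout is reset for each packet */
    return 1;
}

int main(void) {
    struct tracker t;
    tracker_init(&t, 0x0A000205u, 1000);  /* destination with OS_B policy */
    printf("gap 10s joins: %d\n", tracker_add_fragment(&t, 1010));
    printf("gap 30s joins: %d\n", tracker_add_fragment(&t, 1040));
    return 0;
}
```

With a single global timeout the second call would have joined the datagram, so the sensor and the destination host would disagree about what was reassembled.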



