[Oisf-devel] Suggestions about feature #447

giuseppe at securitymind.it giuseppe at securitymind.it
Sat Jan 19 10:17:07 UTC 2013


On Fri, 18 Jan 2013 10:38:17 +0100, Victor Julien <victor at inliniac.net>
wrote:
> On 01/16/2013 03:29 PM, giuseppe at securitymind.it wrote:
>>> What the timeout value should be set to is the destination OS' value.
>> When it's reset, timeout value must be:
>> tracker->timeout = Destination OS Value?
>> or
>> tracker->timeout = p->ts.tv_sec + defrag_context->timeout + Destination
>> OS Value;
>> ?
> 
> I'd say just:
> tracker->timeout = p->ts.tv_sec + Destination OS Value;
> 
> If we don't know "Destination OS Value" for some reason, fall back to
> "defrag_context->timeout".

Good morning,
I did commit the code I wrote, of course, is not yet finished.
But I would like some feedbacks, suggestions, etc..

Here you can see information about the commit:
https://github.com/glongo/suricata/commit/f941c344fe87accfe90b1391f2135119a63017a1

In addition, I would ask:
the value of frag_pool_size can be reset for each packet sent?
the ip frag timeout values must be an option in yaml file? Otherwise,
how can I set these these values?

Have a nice day



More information about the Oisf-devel mailing list