[Oisf-devel] Suggestions about feature #447
Victor Julien
victor at inliniac.net
Sat Jan 19 13:14:30 UTC 2013
On 01/19/2013 11:17 AM, giuseppe at securitymind.it wrote:
> On Fri, 18 Jan 2013 10:38:17 +0100, Victor Julien <victor at inliniac.net>
> wrote:
>> On 01/16/2013 03:29 PM, giuseppe at securitymind.it wrote:
>>>> What the timeout value should be set to is the destination OS' value.
>>> When it's reset, timeout value must be:
>>> tracker->timeout = Destination OS Value?
>>> or
>>> tracker->timeout = p->ts.tv_sec + defrag_context->timeout + Destination
>>> OS Value;
>>> ?
>>
>> I'd say just:
>> tracker->timeout = p->ts.tv_sec + Destination OS Value;
>>
>> If we don't know "Destination OS Value" for some reason, fall back to
>> "defrag_context->timeout".
>
> Good morning,
> I did commit the code I wrote; of course, it is not yet finished.
> But I would like some feedback, suggestions, etc.
>
> Here you can see information about the commit:
> https://github.com/glongo/suricata/commit/f941c344fe87accfe90b1391f2135119a63017a1

I think this would work, but it can probably be done in a more optimized
way. The OS of the 2 hosts in the tracker will not change, so ideally
you'd be looking them up only once per host for each tracker.

> In addition, I would ask:
> can the value of frag_pool_size be reset for each packet sent?

What would be the reason for that?

> must the IP frag timeout values be an option in the yaml file? Otherwise,
> how can I set these values?

I think as a first step it's great to use the defaults for each OS. Then
as a 2nd step it would be good to be able to set them to some other value.

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
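
Added example, not part of the original message and not Suricata code: a C sketch of the timeout handling discussed in this thread, where the tracker's expiry is reset to packet time plus the destination OS value, the OS is looked up once per tracker, and the context default is the fallback. All type and function names, the per-OS timeout values and the sample addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical OS policies and per-OS fragment timeouts in seconds.
 * The values are constructed for illustration, not taken from Suricata. */
enum os_policy { OS_UNKNOWN = 0, OS_LINUX, OS_WINDOWS, OS_MAX };
static const uint32_t os_frag_timeout[OS_MAX] = { 0, 30, 60 };

struct defrag_context { uint32_t timeout; };   /* configured default */
struct tracker {
    uint32_t dst_ip;
    int      os_resolved;  /* has the OS lookup been done for this tracker? */
    uint32_t os_timeout;   /* cached relative timeout in seconds */
    uint64_t timeout;      /* absolute expiry in packet-time seconds */
};
static int lookup_count;   /* makes the once-per-tracker lookup observable */

/* Stand-in for a host OS policy lookup (constructed: keyed on last octet). */
static enum os_policy lookup_os_policy(uint32_t dst_ip)
{
    lookup_count++;
    switch (dst_ip & 0xff) {
    case 10: return OS_LINUX;
    case 20: return OS_WINDOWS;
    default: return OS_UNKNOWN;
    }
}

/* Called for every fragment: reset the expiry relative to packet time. */
uint64_t tracker_refresh_timeout(struct tracker *t,
                                 const struct defrag_context *dc,
                                 uint64_t pkt_sec)
{
    if (!t->os_resolved) {   /* the destination OS does not change: look up once */
        enum os_policy os = lookup_os_policy(t->dst_ip);
        t->os_timeout = (os != OS_UNKNOWN) ? os_frag_timeout[os] : dc->timeout;
        t->os_resolved = 1;
    }
    t->timeout = pkt_sec + t->os_timeout;
    return t->timeout;
}

int main(void)
{
    struct defrag_context dc = { 45 };          /* constructed default */
    struct tracker t = { 0x0a00000a, 0, 0, 0 }; /* constructed: 10.0.0.10 */
    printf("%llu\n", (unsigned long long)tracker_refresh_timeout(&t, &dc, 1000));
    printf("%llu\n", (unsigned long long)tracker_refresh_timeout(&t, &dc, 1010));
    return 0;
}
```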