suricata/rules
Victor Julien 6b0ff0193d stream: detect and filter out bad window updates
Reported in bug 1238 is an issue where stream reassembly can be
disrupted.

A packet that was in-window, but otherwise unexpected set the
window to a really low value, causing the next *expected* packet
to be considered out of window. This led to missing data in the
stream reassembly.

The packet was unexpected in various ways:
- it would ack unseen traffic
- its sequence number would not match the expected next_seq
- it set a really low window, while not being a proper window update

Detection however is greatly hampered by the fact that in case of
packet loss, quite similar packets come in. Alerting in this case
is unwanted. Ignoring/skipping packets in this case as well.

The logic used in this patch is as follows. If:

- the packet is not a window update AND
- packet seq > next_seq AND
- packet ack > next_seq (packet acks unseen data) AND
- packet shrinks window more than its own data size
THEN set event and skip the packet in the stream engine.

So in case of a segment with no data, any window shrinking is rejected.

Bug #1238.
11 years ago
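The four-part condition in the commit message, written out as a small Python model so the filter can be exercised against constructed segments. This is an added example, not Suricata's stream engine code: the segment and state types, the `is_window_update` heuristic (an empty segment at the expected seq whose only change is the advertised window), and the sample sequence numbers are all assumptions made for the illustration, and comparisons use plain integers rather than the wrap-safe SEQ_GT-style macros a real TCP tracker needs.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class TcpSegment:
    seq: int          # sequence number of the first payload byte
    ack: int          # acknowledgement number
    window: int       # advertised receive window
    payload_len: int  # bytes of data carried


@dataclass
class StreamState:
    next_seq: int       # next seq we expect from this sender
    peer_next_seq: int  # next seq we expect from the peer; an ack above it "acks unseen data"
    window: int         # window this sender last advertised


def is_window_update(seg: TcpSegment, st: StreamState) -> bool:
    """Proper window update (assumed definition for this example): no data,
    seq exactly at next_seq, ack not beyond what the peer has sent, window changed."""
    return (seg.payload_len == 0
            and seg.seq == st.next_seq
            and seg.ack <= st.peer_next_seq
            and seg.window != st.window)


def is_bad_window_update(seg: TcpSegment, st: StreamState) -> bool:
    """The commit's rule: not a window update, seq ahead of next_seq, ack of
    unseen data, and a window shrink larger than the segment's own payload.
    For an empty segment any shrink at all is therefore rejected."""
    shrink = st.window - seg.window
    return (not is_window_update(seg, st)
            and seg.seq > st.next_seq
            and seg.ack > st.peer_next_seq
            and shrink > seg.payload_len)


def process(segments: List[TcpSegment], st: StreamState) -> Tuple[List[int], StreamState]:
    """Walk the segments; bad window updates raise an event (recorded by index)
    and are skipped so they cannot poison the tracked window."""
    events: List[int] = []
    for i, seg in enumerate(segments):
        if is_bad_window_update(seg, st):
            events.append(i)
            continue  # skip: state is left untouched
        st.window = seg.window
        st.next_seq = max(st.next_seq, seg.seq + seg.payload_len)
    return events, st


def sample_run() -> Tuple[List[int], StreamState]:
    # Constructed traffic: we expect seq 1000 from the client, seq 5000 from the server.
    st = StreamState(next_seq=1000, peer_next_seq=5000, window=65535)
    segs = [
        TcpSegment(seq=1000, ack=5000, window=65535, payload_len=100),  # normal data
        TcpSegment(seq=1200, ack=5500, window=100,   payload_len=0),    # ahead, acks unseen data, shrinks window: bad
        TcpSegment(seq=1100, ack=5000, window=65535, payload_len=100),  # the expected next segment
        TcpSegment(seq=1300, ack=5000, window=65535, payload_len=100),  # gap from packet loss: not flagged
        TcpSegment(seq=1400, ack=5000, window=2000,  payload_len=0),    # proper window update: accepted
    ]
    return process(segs, st)


if __name__ == "__main__":
    events, state = sample_run()
    print("bad window update events at segment indices:", events)
    print("final state:", state)
```

Only the second segment trips the rule; the loss-induced gap in the fourth segment is accepted because it does not ack unseen data, and the genuine window shrink in the fifth is accepted because it is a proper window update.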
Makefile.am Make sure tls-events is part of the dist 11 years ago
decoder-events.rules ipv6: set event on unsupported nh 11 years ago
dns-events.rules dns: fix message of decoder rule 2240008 11 years ago
files.rules file handling: add example files.rules file 13 years ago
http-events.rules http: add new events for invalid host header and host part of uri 12 years ago
smtp-events.rules Add example smtp decoding events rules file. 13 years ago
stream-events.rules stream: detect and filter out bad window updates 11 years ago
tls-events.rules tls: check SSL3/TLS version per record 11 years ago