mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44b8be3732
If a TCP session is midstream, we may end up with a case where the start of an HTTP request is missing. We won't detect HTTP based on the request. However, the reply is fine, so we detect HTTP anyway. This leads to passing the incomplete request to the htp parser. This has been observed, where the http parser then saw many bogus requests in the incomplete data. This is not limited to HTTP. To counter this case, a midstream session MUST find it's protocol in the toserver direction. If not, we assume the start of the request/toserver is incomplete and no reliable detection and parsing is possible. So we give up. |
12 years ago | |
|---|---|---|
| benches | ||
| contrib | 12 years ago | |
| doc | 13 years ago | |
| m4 | 16 years ago | |
| qa | 12 years ago | |
| rules | 12 years ago | |
| scripts | 13 years ago | |
| src | 12 years ago | |
| .gitignore | 13 years ago | |
| COPYING | ||
| ChangeLog | 12 years ago | |
| LICENSE | 16 years ago | |
| Makefile.am | 12 years ago | |
| Makefile.cvs | ||
| acsite.m4 | 16 years ago | |
| autogen.sh | 13 years ago | |
| classification.config | 16 years ago | |
| config.rpath | 13 years ago | |
| configure.ac | 12 years ago | |
| doxygen.cfg | 12 years ago | |
| reference.config | 14 years ago | |
| suricata.yaml.in | 12 years ago | |
| threshold.config | 13 years ago | |