mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Until now, when processing the TCP 3 way handshake (3whs), retransmissions of SYN/ACKs are silently accepted, unless they are different somehow. If the SEQ or ACK values are different they are considered wrong and events are set. The stream events rules will match on this. In some cases, this is wrong. If the client missed the SYN/ACK, the server may send a different one with a different SEQ. This commit deals with this. As it is impossible to predict which one the client will accept, each is added to a list. Then on receiving the final ACK from the 3whs, the list is checked and the state is updated according to the queued SYN/ACK. |
13 years ago | |
---|---|---|
.. | ||
Makefile.am | 14 years ago | |
decoder-events.rules | 13 years ago | |
files.rules | 14 years ago | |
http-events.rules | 13 years ago | |
smtp-events.rules | 14 years ago | |
stream-events.rules | 13 years ago | |
tls-events.rules | 14 years ago |