[Snort-devel] question about a change made.
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Mon Jun 10 08:42:06 EDT 2002
My bad... The actual code shows it being called correctly... A quick peek
over at the page I have open with the diff shows them reversed... But all
the rest are right. Reloaded just now, and it switched them to the way it's
supposed to be. Odd...
From: Chris Green [mailto:cmg at ...402...]
Sent: Monday, June 10, 2002 10:16 AM
To: Kreimendahl, Chad J
Cc: Snort-Devel (snort-devel at lists.sourceforge.net)
Subject: Re: [Snort-devel] question about a change made.
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> This question relates to the last update made to stream4. The wonderful
> CVS page showed this change, which made me a little curious. If you've
> asynchronus_link, then wouldn't you want to call the one that handled
> I've pasted a bit of the code from TcpActionAsync... It appears to be the
> only major difference between TcpAction and TcpActionAsync is what i've
Thats the thing I just updated so the Async one is called at the
correct time and not otherwise. Do you see it being different than
that? If so, please show a line number :)
> Also, if that's the only difference in code... why not just make
> TcpActionAsync call TcpAction after it's run that one difference before
> Would save you from having to update code in multiple places when you had
> make a change...
Right now, the difference is trivial and the client side will just
treat what it's seen as acked ( so it's vulnerable to overlapping
attacks ). Eventually, better detection of this on the async side
will be needed and the approach to it will be vastly different than
the state machine that we use for the normal case.
The async one shouldn't be used if you can help it but some people
have to put IDS on lines they can only see 1/2 the traffic and some is
better than nothing.
Chris Green <cmg at ...402...>
"Yeah, but you're taking the universe out of context."
More information about the Snort-devel