[Snort-devel] Stream5: Missing TCP connections with require_3whs
lothar at ...3002...
Thu Jan 8 08:10:42 EST 2009
I noticed that snort-22.214.171.124 does not recognize all possible TCP
connections when require_3whs is enabled for the Stream5 preprocessor.
A connection is missed if the TCP-Handshake packets (especially the
SYN-Pakets) have the ECN- or CWR-Flag set. This is due to stream5 only
checking for p->tcph->th_flags == TH_SYN, which is false if TH_SYN
_and_ TH_ECN are set.
I've created a patch against snort-126.96.36.199 (see attachment) that fixes
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Snort-devel