[Snort-devel] [PATCH]: Count discards in DecodeTCP (src/decode.c)

Russ Combs rcombs at ...402...
Mon Aug 15 18:48:52 EDT 2011


Thanks Joshua.

I'm thinking that case isn't a real discard due to the unsure-encapsulation,
but I do see that it brings into question at least some of the UDP cases.

We'll take a closer look and get back to you.

On Fri, Aug 12, 2011 at 9:00 PM, <Joshua.Kinard at ...3108...> wrote:

>
> Hi snort-devel,
>
> In DecodeUDP, there is a check for Teredo/ESP, and if found, the UDP
> header is set to NULL and the 'discards' and 'udisc' counts are
> incremented in 'pc' (via a call to PopUdp()).  In DecodeTCP, in the same
> check for Teredo/ESP, the TCP header is set to NULL, but neither
> 'discards' nor 'tdisc' are incremented.  The attached patch fixes this.
>
> Cheers!,
>
> --J
>
>
> ------------------------------------------------------------------------------
> FREE DOWNLOAD - uberSVN with Social Coding for Subversion.
> Subversion made easy with a complete admin console. Easy
> to use, easy to manage, easy to install, easy to extend.
> Get a Free download of the new open ALM Subversion platform now.
> http://p.sf.net/sfu/wandisco-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110815/db9a836d/attachment.html>


More information about the Snort-devel mailing list