[Bro-Dev] #883: Event for large number of extension headers
Bro Tracker
bro at tracker.bro-ids.org
Mon Sep 24 12:17:05 PDT 2012
#883: Event for large number of extension headers
--------------------------+---------------------
Reporter: sheharbano.k | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
--------------------------+---------------------
We may want to generate an event for when the number of extension headers
in a packet exceed a threshold T. Within a single packet, extension
headers can be chained on and on. However, we are limited by path MTU. In
this case fragmentation comes to our rescue. So the number of extension
headers that can be stuffed inside the same packet is limited by the
fragmentation offset which is a 13 bytes field in the fragment extension
header. This number is still very big. I think we should perform this
check in the core because counting the number of extension headers for
every single IPv6 packet is expensive at the scripting layer.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/883>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list