[Bro-Dev] #883: Event for large number of extension headers

Bro Tracker bro at tracker.bro-ids.org
Mon Sep 24 12:17:05 PDT 2012


#883: Event for large number of extension headers
--------------------------+---------------------
 Reporter:  sheharbano.k  |       Type:  Problem
   Status:  new           |   Priority:  Normal
Milestone:  Bro2.2        |  Component:  Bro
  Version:  git/master    |   Keywords:
--------------------------+---------------------
 We may want to generate an event for when the number of extension headers
 in a packet exceeds a threshold T. Within a single packet, extension
 headers can be chained on and on. However, we are limited by path MTU. In
 this case fragmentation comes to our rescue. So the number of extension
 headers that can be stuffed inside the same packet is limited by the
 fragmentation offset which is a 13 bytes field in the fragment extension
 header. This number is still very big. I think we should perform this
 check in the core because counting the number of extension headers for
 every single IPv6 packet is expensive at the scripting layer.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/883>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
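
Added example, not part of the ticket or of Bro's code: a C sketch of the core-level check the ticket proposes, walking the IPv6 Next Header chain, counting extension headers and comparing the count against a threshold T. The function names, the set of header types walked, and the constructed sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Header types walked: Hop-by-Hop (0), Routing (43), Fragment (44), AH (51),
 * Destination Options (60). */
#define IS_EXT(nh) ((nh) == 0 || (nh) == 43 || (nh) == 44 || (nh) == 51 || (nh) == 60)

/* Count extension headers after the 40-byte fixed IPv6 header.
 * Returns -1 if the buffer is not IPv6 or a header is truncated. */
int count_ext_headers(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];            /* Next Header of the fixed header */
    size_t off = 40;
    int count = 0;
    while (IS_EXT(nh)) {
        if (len - off < 8)          /* every extension header is >= 8 bytes */
            return -1;
        size_t hlen = 8;            /* Fragment header has a fixed size */
        if (nh == 51)
            hlen = ((size_t)pkt[off + 1] + 2) * 4;   /* AH: 32-bit units */
        else if (nh != 44)
            hlen = ((size_t)pkt[off + 1] + 1) * 8;   /* others: 8-byte units */
        if (hlen > len - off)
            return -1;
        count++;
        /* Fragment offset is the upper 13 bits of bytes 2-3; a non-first
         * fragment carries payload bytes, not further headers, so stop. */
        int later_frag = nh == 44 && (((pkt[off + 2] << 8) | pkt[off + 3]) >> 3) != 0;
        nh = pkt[off];
        off += hlen;
        if (later_frag)
            break;
    }
    return count;
}

/* 1 if the chain is longer than T; unparseable packets (-1) are not flagged. */
int too_many_ext_headers(const uint8_t *pkt, size_t len, int T)
{
    return count_ext_headers(pkt, len) > T;
}

/* Constructed sample: fixed header plus n 8-byte Destination Options headers,
 * ending in No Next Header (59). buf must hold 40 + 8*n bytes. */
size_t build_sample(uint8_t *buf, int n)
{
    memset(buf, 0, 40 + 8 * (size_t)n);
    buf[0] = 0x60;
    buf[6] = n ? 60 : 59;
    for (int i = 0; i < n; i++)
        buf[40 + 8 * i] = (i + 1 < n) ? 60 : 59;
    return 40 + 8 * (size_t)n;
}
```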


