[Bro] Bro: TCP reassembly question

Adayadil Thomas adayadil.thomas at gmail.com
Thu Jan 26 09:52:44 PST 2006


I have a couple of questions about BRO's tcp stream reassembly. Please reply
if you have answers.

When does bro allocate memory for doing reassembly (putting the different
blocks of data together) ?
Does it append to this same buffer when subsequent stream data comes ?
What is the size of the reassembly buffer ? Does that grow ? till what size
does it grow ?

Any information or pointers is appreciated.

Thanks a lot
