[Bro-Dev] #730: Find and fix tcp sequence counting bugs
Bro Tracker
bro at tracker.bro-ids.org
Fri Dec 14 15:09:42 PST 2012
#730: Find and fix tcp sequence counting bugs
----------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro2.2
Component: Bro | Version:
Resolution: | Keywords:
----------------------+--------------------
Comment (by jsiwek):
In [81ae68be16c919c4a662aed5d29cdca86e401b15/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="81ae68be16c919c4a662aed5d29cdca86e401b15"
Fix a case where c$resp$size is misrepresented. Addresses #730.
That field is based on TCP sequence numbers and on seeing a SYN followed
by a failed RST injection response, the initial sequence number tracked
the value in the injection (most likely zero) instead of value in
subsequent SYN response. This could make c$resp$size be set to large
values when it's not really.
Also removed some dead code paths.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/730#comment:5>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list