[Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/bit-1246: Fix issue w/ TCP reassembler not delivering some segments. (f1cef9d)
Seth Hall
seth at icir.org
Fri Sep 12 06:10:12 PDT 2014
On Sep 11, 2014, at 11:59 AM, Jonathan Siwek <jsiwek at ncsa.illinois.edu> wrote:
> + // Only report on content gaps for connections that
> + // are in a cleanly established state. In other
> + // states, these can arise falsely due to things
> + // like sequence number mismatches in RSTs, or
> + // unseen previous packets in partial connections.
> + // The one opportunity we lose here is on clean FIN
> + // handshakes, but Oh Well.
If I'm reading this right, this seems like an undesirable outcome. If Bro starts and a connection is in the middle, does this mean we wouldn't see any content gaps for that connection?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the bro-dev
mailing list