Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Improve analysis of TCP SYN/SYN-ACK reversal situations.

Browse source 
- Since it's just the handshake packets out of order, they're no
  longer treated as partial connections, which some protocol analyzers
  immediately refuse to look at.

- The TCP_Reassembler "is_orig" state failed to change, which led to
  protocol analyzers sometimes using the wrong value for that.

- Add a unit test which exercises the Connection::FlipRoles() code
  path (i.e. the SYN/SYN-ACK reversal situation).

Addresses BIT-1148.
This commit is contained in:
Jon Siwek 2014-03-11 16:56:17 -05:00
parent 063200c71a
commit 066473b1f1
7 changed files with 65 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/analyzer/protocol/tcp/TCP_Reassembler.h
View file

@ -28,9 +28,8 @@ public:
Forward, // forward to destination analyzer's children
};
TCP_Reassembler(Analyzer* arg_dst_analyzer,
TCP_Analyzer* arg_tcp_analyzer, Type arg_type,
bool arg_is_orig, TCP_Endpoint* arg_endp);
TCP_Reassembler(Analyzer* arg_dst_analyzer, TCP_Analyzer* arg_tcp_analyzer,
Type arg_type, TCP_Endpoint* arg_endp);
virtual ~TCP_Reassembler();
@ -135,7 +134,6 @@ private:
TCP_Analyzer* tcp_analyzer;
Type type;
bool is_orig;
};
} } // namespace analyzer::*