Merge in SNORT/snort3 from ~MASHASAN/snort3:small_segs to master
Squashed commit of the following:
commit
52982070e9dd55f4b2e5dcd01031b1311087e412
Author: Masud Hasan <mashasan@cisco.com>
Date: Wed Mar 2 10:44:58 2022 -0500
stream_tcp: Clarify small segments help text and remove usage from lua
129:12
-Consecutive TCP small segments exceed the configured threshold. The size required to be a small segment can
-be configured via stream_tcp.small_segments.maximum_size, and the maximum number of these small segments can be configured
+Consecutive (in the order of received packets, not the order of sequence numbers) TCP small segments exceed the configured threshold. The size required to be a small segment can be configured via stream_tcp.small_segments.maximum_size, and the maximum number of these small segments can be configured
with int stream_tcp.small_segments.count.
129:13
stream_ip.min_frag_length = 100
-stream_tcp.small_segments =
-{
- count = 3,
- maximum_size = 150,
-}
-
telnet.check_encrypted = true
telnet.normalize = true
stream_ip.min_frag_length = 100
-stream_tcp.small_segments =
-{
- count = 3,
- maximum_size = 150,
-}
-
telnet.check_encrypted = true
telnet.normalize = true
static const Parameter stream_tcp_small_params[] =
{
{ "count", Parameter::PT_INT, "0:2048", "0",
- "number of consecutive TCP small segments considered to be excessive (129:12)" },
+ "number of consecutive (in the received order) TCP small segments considered to be excessive (129:12)" },
{ "maximum_size", Parameter::PT_INT, "0:2048", "0",
"minimum bytes for a TCP segment not to be considered small (129:12)" },
projects / thirdparty / snort3.git / commitdiff
