From: Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) Date: Mon, 26 Feb 2024 16:32:16 +0000 (+0000) Subject: Pull request #4223: stream_tcp: update documentation for stream TCP alerts to include... X-Git-Tag: 3.1.82.0~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8145a24bcbb0ccf1594aadad8d414997d1e952a5;p=thirdparty%2Fsnort3.git Pull request #4223: stream_tcp: update documentation for stream TCP alerts to include the new 129:21 and 129:22 alerts Merge in SNORT/snort3 from ~DAVMCPHE/snort3:snort_reference_129_alert_updates to master Squashed commit of the following: commit 4bfdd56f461c81952330d5b35e76fb374692c502 Author: davis mcpherson Date: Fri Feb 23 10:31:41 2024 -0500 stream_tcp: update documentation for stream TCP alerts to include the new 129:21 and 129:22 alerts --- diff --git a/doc/reference/builtin_stubs.txt b/doc/reference/builtin_stubs.txt index 23caefc0f..c7fa1a4a3 100644 --- a/doc/reference/builtin_stubs.txt +++ b/doc/reference/builtin_stubs.txt @@ -280,7 +280,6 @@ There are several scenarios for this event. 2) The C flag is set but critical options are absent. 3) If the critical header present bit is set the option's length cannot be 0. - 116:184 The options length field extends past the end of the GENEVE header. @@ -1895,6 +1894,16 @@ TCP window was closed before receiving data. The TCP 3-way handshake was not seen for this TCP session. +129:21 + +The maximum bytes allowed to be queued for reassembly for an +endpoint has been exceeded. + +129:22 + +The maximum number of segments allowed to be queued for reassembly +for an endpoint has been exceeded. + 131:1 DNS Response Resource Record Type is Obsolete.