]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 97ebd3b) | patch
stream: set event for suspected data injection during 3whs
authorVictor Julien <victor@inliniac.net>
Wed, 24 Jan 2018 15:37:27 +0000 (16:37 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 12 Feb 2018 09:02:08 +0000 (10:02 +0100)
commit660c1de7ba7657e32e89cea0b16d51b265eaeb6e
treeb9b80f1ef2e16188c35503b09b23d17532aef47ctree
parent97ebd3b05acaab3ed0d0e1430d554443c023715fcommit | diff
stream: set event for suspected data injection during 3whs

This rule will match on the STREAM_3WHS_ACK_DATA_INJECT, that is
set if we're:
- in IPS mode
- get a data packet from the server
- that matches the exact SEQ/ACK expectations for the 3whs

The action of the rule is set to drop as the stream engine will drop.
So the rule action is actually not needed, but for consistency it
is drop.
rules/stream-events.rules diff | blob | blame | history
src/decode-events.c diff | blob | blame | history
src/decode-events.h diff | blob | blame | history
src/stream-tcp.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git