Support #3259
closed
IPv4 fragmentation
Description
Hello,
I am working on Suricata, and I am doing several test cases with IP fragment replay.
I sent a flow [Frag1, Frag2, ..., Fragn, Frag11, Frag12, ..., Frag1m]: Fragn is the last packet, and Frag11, ..., Frag1m are repeats of Frag1, ..., Frag(n-1) with modified source port information (5577).
The first time, I saw that Suricata can detect my source port (for example 5566), and when I re-send it, I get my source port as 5577.
When I stop Suricata and re-send it, my source port is still 5577.
So my question is: where does Suricata keep fragment packets? (Is it not from memory?)
Thank you!