Project

General

Profile

Actions
Copy link

Feature #6368

open
VJ VJ

stream/midstream: wscale setting

Feature #6368: stream/midstream: wscale setting

Added by Victor Julien over 2 years ago. Updated 6 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

When midstream pickup happens, we have missed the 3whs. In this case we assume wscale to be enabled and set to its max value (14). This gives a huge window, that can easily lead to packets getting accepted that most likely shouldn't be.

The idea here is to add a configurable value to the config that would be used instead of 14: `stream.midstream-wscale` or something.

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option valuesClosedVictor JulienActions

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
 #1

  • Assignee changed from OISF Dev to Victor Julien

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #2

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

VJ Updated by Victor Julien 11 months ago Actions
Copy link
 #3

  • Related to Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option values added

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #4

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1

VJ Updated by Victor Julien 6 months ago Actions
Copy link
 #5

  • Status changed from New to Assigned
Actions
Copy link

Also available in: PDF Atom