[
https://bro-tracker.atlassian.net/browse/BIT-883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Siwek updated BIT-883:
--------------------------
Fix Version/s: (was: 2.4)
2.5
> Event for large number of extension headers
> -------------------------------------------
>
> Key: BIT-883
> URL: https://bro-tracker.atlassian.net/browse/BIT-883
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: sheharbano.k
> Fix For: 2.5
>
>
> We may want to generate an event for when the number of extension headers in
> a packet exceed a threshold T. Within a single packet, extension headers can
> be chained on and on. However, we are limited by path MTU. In this case
> fragmentation comes to our rescue. So the number of extension headers that
> can be stuffed inside the same packet is limited by the fragmentation offset
> which is a 13 bytes field in the fragment extension header. This number is
> still very big. I think we should perform this check in the core because
> counting the number of extension headers for every single IPv6 packet is
> expensive at the scripting layer.
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
