Project

General

Profile

Actions

Bug #2118

closed

defrag - overlap issue in linux policy

Added by Jason Ish over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When two fragment overlap one another, suricata seems to privilege data from the fragment with the lower offset, when the linux convention seems to keep the first (in time) data received.

This appears to be an edge case not handled by the existing unit tests.

Reported by Jérémy Beaume.

Actions

Also available in: Atom PDF