#883: Event for large number of extension headers --------------------------+--------------------- Reporter: sheharbano.k | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+--------------------- We may want to generate an event for when the number of extension headers in a packet exceed a threshold T. Within a single packet, extension headers can be chained on and on. However, we are limited by path MTU. In this case fragmentation comes to our rescue. So the number of extension headers that can be stuffed inside the same packet is limited by the fragmentation offset which is a 13 bytes field in the fragment extension header. This number is still very big. I think we should perform this check in the core because counting the number of extension headers for every single IPv6 packet is expensive at the scripting layer.
-- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/883> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
