Hi Arturo, > I would like to ask, What are your plans regarding wheezy?
Just jumping in here as I just had a look at backporting this patch. I think there might be some issues with the upstream patch anyway, eg.: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303 Apart from that, how about: --- suricata-1.2.1.orig/src/defrag.c +++ suricata-1.2.1/src/defrag.c @@ -174,6 +174,8 @@ typedef struct DefragTracker_ { uint32_t id; /**< IP ID for this tracker. 32 bits for IPv6, 16 * for IPv4. */ + uint8_t proto; /**< IP protocol for this tracker. */ + uint8_t policy; /**< Reassembly policy this tracker will use. */ uint8_t af; /**< Address family for this tracker, AF_INET or @@ -268,6 +270,8 @@ DefragHashCompare(void *a, uint16_t a_le return 0; else if (!CMP_ADDR(&dta->dst_addr, &dtb->dst_addr)) return 0; + else if (dta->proto != dtb->proto) + return 0; /* Match. */ return 1; @@ -1140,6 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeT DefragTrackerReset(tracker); tracker->af = lookup_key->af; tracker->id = lookup_key->id; + tracker->proto = IP_GET_IPPROTO(p); tracker->src_addr = lookup_key->src_addr; tracker->dst_addr = lookup_key->dst_addr; tracker->policy = DefragGetOsPolicy(p); Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
