flush ordered coalesce of olde connections using a timeout #25

Open
david415 opened this issue Feb 20, 2015 · 2 comments

@david415
Owner

Connections that receive out-of-order packets will try to coalesce these packets until they receive the "next sequence" that they've been waiting for; then these contiguous TCP segments are pushed to the "stream"... However we must set a limit to the amount of time we are willing to await the "next sequence"... and if max time has been reached we skip over this next sequence and flush contiguous coalesced packets up to the assembled stream.

Put it another way: gopacket.tcpassembly has got some excellent design... and in their API FlushOlderThan is used for this purpose.

@david415
Owner Author

Space boundaries are obviously safer than time boundaries for avoiding a DoS. Therefore this ticket is very low priority.

@david415 david415 removed their assignment Feb 20, 2015
@david415 david415 changed the title flush ordered coalesce of olde connections flush ordered coalesce of olde connections using a timeout May 26, 2015
@david415
Owner Author

david415 commented Feb 8, 2016

it turns out that we need to do this correctly to fix a bug with analyzing pcap files. in other words... a pcap file could represent a tcp stream with out of order packets... the "next Sequence" gap may never be filled... but we should still analyze those packets for injection overlap case. and further we should push the stream segments along our normal processing pipeline.

this eventual action of pushing uncoalesced out of order TCP stream segments should then be triggered by the timestamp that is paired with the packet. when processing a pcap file we will utilize the timestamp found in the pcap file, when doing live packet capture we can use the wall clock.
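An added example, not part of the issue thread and not the project's code: a minimal ordered-coalesce buffer that gives up on the awaited sequence after a timeout, in the spirit of `FlushOlderThan`, with the clock driven by each packet's own timestamp so a pcap file replays deterministically. The `segment` and `coalescer` types, the 30 second timeout and the sample capture are assumptions made for illustration; injection/overlap analysis is out of scope here, so already-delivered data is simply dropped.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type segment struct { // one TCP payload plus the timestamp paired with its packet
	seq  uint32
	data string
	seen time.Time
}

type coalescer struct { // hypothetical per-direction state, not the project's type
	nextSeq uint32    // sequence number being awaited
	pending []segment // out-of-order segments, nearest to nextSeq first
	stream  string    // bytes pushed to the assembled stream
}

// dist is the wrap-safe distance from nextSeq; negative means already delivered.
func (c *coalescer) dist(s segment) int32 { return int32(s.seq - c.nextSeq) }

func (c *coalescer) drain() { // push contiguous segments, drop already-delivered ones
	for ; len(c.pending) > 0 && c.dist(c.pending[0]) <= 0; c.pending = c.pending[1:] {
		if s := c.pending[0]; c.dist(s) == 0 {
			c.stream, c.nextSeq = c.stream+s.data, c.nextSeq+uint32(len(s.data))
		}
	}
}

// process buffers s, then flushes with the packet's own timestamp as the clock.
func (c *coalescer) process(s segment, timeout time.Duration) {
	c.pending = append(c.pending, s)
	sort.Slice(c.pending, func(i, j int) bool { return c.dist(c.pending[i]) < c.dist(c.pending[j]) })
	c.drain()
	for len(c.pending) > 0 && c.pending[0].seen.Before(s.seen.Add(-timeout)) {
		c.nextSeq = c.pending[0].seq // waited too long: skip the missing bytes
		c.drain()
	}
}

func demo() (string, uint32) { // constructed capture: seq 1005-1009 never arrives
	c, t := &coalescer{nextSeq: 1000}, time.Unix(0, 0)
	for _, s := range []segment{{1000, "AAAAA", t}, {1013, "DD", t.Add(time.Second)},
		{1010, "CCC", t.Add(2 * time.Second)}, {1015, "EE", t.Add(40 * time.Second)}} {
		c.process(s, 30*time.Second)
	}
	return c.stream, c.nextSeq
}

func main() { fmt.Println(demo()) }
```

For live capture the same `process` call would be given segments stamped with the wall clock; the buffer still needs a separate size bound, since the timeout alone does not limit memory.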
