david415 / HoneyBadger

Quantum Insert detector/recorder
GNU General Public License v3.0

teach honey_badger to inspect TCP connections without seeing the handshake #21

Closed david415 closed 9 years ago

david415 commented 9 years ago

We'd really like to scan for TCP injection attacks of a given connection even if we start watching that connection after the handshake has been completed. We should do what gopacket tcpassembly does... that is, push the packets onto a packet reordering doubly linked list... and emit contiguous stream segments after some time duration to force such buffer flushes.

A prerequisite to resolving this issue is obviously out-of-order packet reordering...
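A minimal sketch of the approach described in the comment above, added here as an illustration and not taken from HoneyBadger or gopacket: segments are kept in a doubly linked list sorted by sequence number, nothing is emitted until the stream position is known, and a forced flush adopts the lowest queued sequence number so a connection first seen mid-stream can still be followed. `seg`, `Reorderer`, `Add` and `Flush` are hypothetical names, and the timer that calls `Flush(true)` after the chosen duration is assumed to live in the caller.

```go
package main

import (
	"container/list"
	"fmt"
)

type seg struct{ seq uint32; data []byte } // one TCP payload (hypothetical type)

// Reorderer keeps pending segments in a doubly linked list sorted by seq.
type Reorderer struct {
	pending list.List
	next    uint32 // next expected sequence number, valid once synced
	synced  bool   // stays false until data is emitted; no SYN required
}

func before(a, b uint32) bool { return int32(a-b) < 0 } // wrap-safe compare

// Add queues a segment in order and returns bytes that are now contiguous.
func (r *Reorderer) Add(seq uint32, data []byte) []byte {
	e := r.pending.PushBack(seg{seq, data})
	for p := e.Prev(); p != nil && before(seq, p.Value.(seg).seq); p = e.Prev() {
		r.pending.MoveBefore(e, p)
	}
	return r.Flush(false)
}

// Flush emits in-order data; a timer passes force=true to push out what is held.
func (r *Reorderer) Flush(force bool) (out []byte) {
	for e := r.pending.Front(); e != nil; e = r.pending.Front() {
		s := e.Value.(seg)
		if gap := !r.synced || before(r.next, s.seq); gap && !force {
			break // position unknown or a hole: keep waiting
		} else if gap {
			r.next, r.synced = s.seq, true // forced: adopt the head's seq
		}
		if skip := r.next - s.seq; skip < uint32(len(s.data)) {
			out = append(out, s.data[skip:]...) // bytes already emitted are trimmed
			r.next += uint32(len(s.data)) - skip
		}
		r.pending.Remove(e)
	}
	return out
}

func main() {
	var r Reorderer
	r.Add(1005, []byte("world")) // constructed capture, first packet seen mid-stream
	fmt.Printf("%q %q\n", r.Add(1000, []byte("hello")), r.Flush(true))
}
```

The trimmed overlap in `Flush` is the point where an injection detector would compare the retransmitted bytes against what was already emitted; this sketch only discards them.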

david415 commented 9 years ago

This issue is somewhat resolved in this feature development branch: https://github.com/david415/HoneyBadger/tree/ordered-coalesce-1

Although there are some missing pieces... it is mostly done.