We'd really like to scan for TCP injection attacks of a given connection even if we start watching that connection after that handshake has been completed. We should do what gopacket tcpassembly does... that is push the packets onto a packet reordering doubly linked list... and emit contiguous stream segments after some time duration to force such buffer flushes.
A prerequisite to resolving this issue is obviously out-of-order packet reordering...
We'd really like to scan for TCP injection attacks of a given connection even if we start watching that connection after that handshake has been completed. We should do what gopacket tcpassembly does... that is push the packets onto a packet reordering doubly linked list... and emit contiguous stream segments after some time duration to force such buffer flushes.
A prerequisite to resolving this issue is obviously out-of-order packet reordering...