comparison of flows before one of them is initialized.
solution:
let's always treat the first packet as if it's from the client?
at the moment i'm not too worried about solving for the edge case where we miss the first packet in the handshake and we are therefor confused about which is the client versus server. not a very important distinction if what we are interested in is detecting injection attacks.
problem:
solution: let's always treat the first packet as if it's from the client? at the moment i'm not too worried about solving for the edge case where we miss the first packet in the handshake and we are therefor confused about which is the client versus server. not a very important distinction if what we are interested in is detecting injection attacks.