suricata: Update to 5.0.10

Message ID 20220713210350.4043526-1-matthias.fischer@ipfire.org
State Accepted
Commit b7f887e3b112d5a871886d942645f11c59465753
Series suricata: Update to 5.0.10

Commit Message

Matthias Fischer July 13, 2022, 9:03 p.m. UTC
  Changelog:

"5.0.10 -- 2022-07-12

Bug #5429: TCP flow that retransmits the SYN with a newer TSval not properly tracked (5.0.x backport)
[Note: Therefore 'suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch' could be removed]

Bug #5424: inspection of smb traffic without smb/dcerpc doesn't work correct.  (5.0.x backport)
Bug #5423: DCERPC protocol detection when nested in SMB (5.0.x backport)
Bug #5404: detect: will still inspect packets of a "dropped" flow for non-TCP (5.0.x backport)
Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)
Bug #5358: test failure on Ubuntu 22.04 with GCC 12 (5.0.x backport)
Bug #5354: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails (5.0.x backport)
Bug #5345: CIDR prefix calculation fails on big endian archs (5.0.x backport)
Bug #5343: ftp: quadratic complexity for tx iterator with linked list (5.0.x backport)
Bug #5341: decode/mime: base64 decoding for data with spaces is broken (5.0.x backport)
Bug #5339: PreProcessCommands does not handle all the edge cases (5.0.x backport)
Bug #5325: FTP: expectation created in wrong direction (5.0.x backport)
Bug #5305: cppcheck: various static analyzer "warning"s
Bug #5302: Failed assert DeStateSearchState
Bug #5301: eve: payload field randomly missing even if the packet field is present
Bug #5289: Remove unneeded stack-on-signal initialization.
Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length
Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)
Bug #5113: Off-by-one in flow-manager flow_hash row allocation
Bug #5055: Documentation copyright years are invalid
Bug #5021: dataset: error with space in rule language
Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport)
Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport)
Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Task #5322: stats/alert: log out to stats alerts that have been discarded from packet queue (5.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/suricata                                  |  5 +-
 ...-Handle-retransmitted-SYN-with-TSval.patch | 55 -------------------
 2 files changed, 2 insertions(+), 58 deletions(-)
 delete mode 100644 src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
  

Comments

Stefan Schantl July 14, 2022, 9:34 a.m. UTC | #1
Excellent work!

Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>

On 13 July 2022 23:04:00, Matthias Fischer 
<matthias.fischer@ipfire.org> wrote:

> Changelog:
>
> "5.0.10 -- 2022-07-12
>
> Bug #5429: TCP flow that retransmits the SYN with a newer TSval not 
> properly tracked (5.0.x backport)
> [Note: Therefore 
> 'suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch' could 
> be removed]
>
> Bug #5424: inspection of smb traffic without smb/dcerpc doesn't work 
> correct.  (5.0.x backport)
> Bug #5423: DCERPC protocol detection when nested in SMB (5.0.x backport)
> Bug #5404: detect: will still inspect packets of a "dropped" flow for 
> non-TCP (5.0.x backport)
> Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)
> Bug #5358: test failure on Ubuntu 22.04 with GCC 12 (5.0.x backport)
> Bug #5354: detect/alert: fix segvfault when incrementing discarded alerts 
> if alert-queue-expand fails (5.0.x backport)
> Bug #5345: CIDR prefix calculation fails on big endian archs (5.0.x backport)
> Bug #5343: ftp: quadratic complexity for tx iterator with linked list 
> (5.0.x backport)
> Bug #5341: decode/mime: base64 decoding for data with spaces is broken 
> (5.0.x backport)
> Bug #5339: PreProcessCommands does not handle all the edge cases (5.0.x 
> backport)
> Bug #5325: FTP: expectation created in wrong direction (5.0.x backport)
> Bug #5305: cppcheck: various static analyzer "warning"s
> Bug #5302: Failed assert DeStateSearchState
> Bug #5301: eve: payload field randomly missing even if the packet field is 
> present
> Bug #5289: Remove unneeded stack-on-signal initialization.
> Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum 
> length
> Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert 
> limit (5.0.x backport)
> Bug #5113: Off-by-one in flow-manager flow_hash row allocation
> Bug #5055: Documentation copyright years are invalid
> Bug #5021: dataset: error with space in rule language
> Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport)
> Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both 
> sides need to be pruned
> Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx 
> (5.0.x backport)
> Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ 
> (5.0.x backport)
> Task #5322: stats/alert: log out to stats alerts that have been discarded 
> from packet queue (5.0.x backport)"
>
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
> lfs/suricata                                  |  5 +-
> ...-Handle-retransmitted-SYN-with-TSval.patch | 55 -------------------
> 2 files changed, 2 insertions(+), 58 deletions(-)
> delete mode 100644 
> src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
>
> diff --git a/lfs/suricata b/lfs/suricata
> index 1ebcb4ba4..1fbc2c185 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER        = 5.0.9
> +VER        = 5.0.10
>
> THISAPP    = suricata-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 
> 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6
> +$(DL_FILE)_BLAKE2 = 
> b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
>
> install : $(TARGET)
>
> @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 	@$(PREBUILD)
> 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> -	cd $(DIR_APP) && patch -Np1 < 
> $(DIR_SRC)/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
> 	cd $(DIR_APP) && patch -Np1 < 
> $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
> 	cd $(DIR_APP) && patch -Np1 < 
> $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
> diff --git 
> a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch 
> b/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
> deleted file mode 100644
> index 6bc745a0f..000000000
> --- 
> a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
> +++ /dev/null
> @@ -1,55 +0,0 @@
> -From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001
> -From: Michael Tremer <michael.tremer@ipfire.org>
> -Date: Fri, 19 Nov 2021 17:17:47 +0000
> -Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval
> -
> -For connections that use TCP timestamps for which the first SYN packet
> -does not reach the server, any replies to retransmitted SYNs will be
> -tropped.
> -
> -This is happening in StateSynSentValidateTimestamp, where the timestamp
> -value in a SYN-ACK packet must match the one from the SYN packet.
> -However, since the server never received the first SYN packet, it will
> -respond with an updated timestamp from any of the following SYN packets.
> -
> -The timestamp value inside suricata is not being updated at any time
> -which should happen. This patch fixes that problem.
> -
> -This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318.
> -
> -Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ----
> - src/stream-tcp.c | 17 +++++++++++++++++
> - 1 file changed, 17 insertions(+)
> -
> -diff --git a/src/stream-tcp.c b/src/stream-tcp.c
> -index 1cff19fa5..af681760b 100644
> ---- a/src/stream-tcp.c
> -+++ b/src/stream-tcp.c
> -@@ -1641,6 +1641,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars 
> *tv, Packet *p,
> -                     "ssn->client.last_ack %"PRIu32"", ssn,
> -                     ssn->client.isn, ssn->client.next_seq,
> -                     ssn->client.last_ack);
> -+        } else if (PKT_IS_TOSERVER(p)) {
> -+            /*
> -+	     * On retransmitted SYN packets, the timestamp value must be updated,
> -+	     * to avoid dropping any SYN+ACK packets that respond to a 
> retransmitted SYN
> -+	     * with an updated timestamp in StateSynSentValidateTimestamp.
> -+	     */
> -+            if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && 
> TCP_HAS_TS(p)) {
> -+                uint32_t ts_val = TCP_GET_TSVAL(p);
> -+
> -+                // Check whether packets have been received in the 
> correct order (only ever update)
> -+                if (ssn->client.last_ts < ts_val) {
> -+                    ssn->client.last_ts = ts_val;
> -+                    ssn->client.last_pkt_ts = p->ts.tv_sec;
> -+                }
> -+
> -+                SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp 
> from packet %"PRIu64, ssn, p->pcap_cnt);
> -+            }
> -         }
> -
> -         /** \todo check if it's correct or set event */
> ---
> -2.30.2
> -
> --
> 2.25.1
  
Michael Tremer July 14, 2022, 9:38 a.m. UTC | #2
You are missing a bracket:

Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>

> On 14 Jul 2022, at 10:34, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
> 
> Excellent work!
> 
> Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
> 
> 
> On 13 July 2022 23:04:00, Matthias Fischer <matthias.fischer@ipfire.org> wrote:
> 
>> Changelog:
>> 
>> "5.0.10 -- 2022-07-12
>> 
>> Bug #5429: TCP flow that retransmits the SYN with a newer TSval not properly tracked (5.0.x backport)
>> [Note: Therefore 'suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch' could be removed]
>> 
>> Bug #5424: inspection of smb traffic without smb/dcerpc doesn't work correct.  (5.0.x backport)
>> Bug #5423: DCERPC protocol detection when nested in SMB (5.0.x backport)
>> Bug #5404: detect: will still inspect packets of a "dropped" flow for non-TCP (5.0.x backport)
>> Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)
>> Bug #5358: test failure on Ubuntu 22.04 with GCC 12 (5.0.x backport)
>> Bug #5354: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails (5.0.x backport)
>> Bug #5345: CIDR prefix calculation fails on big endian archs (5.0.x backport)
>> Bug #5343: ftp: quadratic complexity for tx iterator with linked list (5.0.x backport)
>> Bug #5341: decode/mime: base64 decoding for data with spaces is broken (5.0.x backport)
>> Bug #5339: PreProcessCommands does not handle all the edge cases (5.0.x backport)
>> Bug #5325: FTP: expectation created in wrong direction (5.0.x backport)
>> Bug #5305: cppcheck: various static analyzer "warning"s
>> Bug #5302: Failed assert DeStateSearchState
>> Bug #5301: eve: payload field randomly missing even if the packet field is present
>> Bug #5289: Remove unneeded stack-on-signal initialization.
>> Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length
>> Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)
>> Bug #5113: Off-by-one in flow-manager flow_hash row allocation
>> Bug #5055: Documentation copyright years are invalid
>> Bug #5021: dataset: error with space in rule language
>> Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport)
>> Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
>> Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport)
>> Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
>> Task #5322: stats/alert: log out to stats alerts that have been discarded from packet queue (5.0.x backport)"
>> 
>> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
>> ---
>>  lfs/suricata                                  |  5 +-
>>  ...-Handle-retransmitted-SYN-with-TSval.patch | 55 -------------------
>>  2 files changed, 2 insertions(+), 58 deletions(-)
>>  delete mode 100644 src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
>> 
>> diff --git a/lfs/suricata b/lfs/suricata
>> index 1ebcb4ba4..1fbc2c185 100644
>> --- a/lfs/suricata
>> +++ b/lfs/suricata
>> @@ -24,7 +24,7 @@
>>  
>>  include Config
>>  
>> -VER        = 5.0.9
>> +VER        = 5.0.10
>>  
>>  THISAPP    = suricata-$(VER)
>>  DL_FILE    = $(THISAPP).tar.gz
>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>  
>>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>  
>> -$(DL_FILE)_BLAKE2 = 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6
>> +$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
>>  
>>  install : $(TARGET)
>>  
>> @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
>>  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>   @$(PREBUILD)
>>   @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
>>   cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
>>   cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
>>   cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
>> diff --git a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch b/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
>> deleted file mode 100644
>> index 6bc745a0f..000000000
>> --- a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
>> +++ /dev/null
>> @@ -1,55 +0,0 @@
>> -From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001
>> -From: Michael Tremer <michael.tremer@ipfire.org>
>> -Date: Fri, 19 Nov 2021 17:17:47 +0000
>> -Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval
>> -
>> -For connections that use TCP timestamps for which the first SYN packet
>> -does not reach the server, any replies to retransmitted SYNs will be
>> -tropped.
>> -
>> -This is happening in StateSynSentValidateTimestamp, where the timestamp
>> -value in a SYN-ACK packet must match the one from the SYN packet.
>> -However, since the server never received the first SYN packet, it will
>> -respond with an updated timestamp from any of the following SYN packets.
>> -
>> -The timestamp value inside suricata is not being updated at any time
>> -which should happen. This patch fixes that problem.
>> -
>> -This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318.
>> -
>> -Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>> ----
>> - src/stream-tcp.c | 17 +++++++++++++++++
>> - 1 file changed, 17 insertions(+)
>> -
>> -diff --git a/src/stream-tcp.c b/src/stream-tcp.c
>> -index 1cff19fa5..af681760b 100644
>> ---- a/src/stream-tcp.c
>> -+++ b/src/stream-tcp.c
>> -@@ -1641,6 +1641,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
>> -                     "ssn->client.last_ack %"PRIu32"", ssn,
>> -                     ssn->client.isn, ssn->client.next_seq,
>> -                     ssn->client.last_ack);
>> -+        } else if (PKT_IS_TOSERVER(p)) {
>> -+            /*
>> -+     * On retransmitted SYN packets, the timestamp value must be updated,
>> -+     * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN
>> -+     * with an updated timestamp in StateSynSentValidateTimestamp.
>> -+     */
>> -+            if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) {
>> -+                uint32_t ts_val = TCP_GET_TSVAL(p);
>> -+
>> -+                // Check whether packets have been received in the correct order (only ever update)
>> -+                if (ssn->client.last_ts < ts_val) {
>> -+                    ssn->client.last_ts = ts_val;
>> -+                    ssn->client.last_pkt_ts = p->ts.tv_sec;
>> -+                }
>> -+
>> -+                SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt);
>> -+            }
>> -         }
>> - 
>> -         /** \todo check if it's correct or set event */
>> --- 
>> -2.30.2
>> -
>> -- 
>> 2.25.1
>
  

Patch

diff --git a/lfs/suricata b/lfs/suricata
index 1ebcb4ba4..1fbc2c185 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 5.0.9
+VER        = 5.0.10
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6
+$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
 
 install : $(TARGET)
 
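Review bot: The replacement `$(DL_FILE)_BLAKE2` value on the `+` line is the integrity check this file records for the 5.0.10 tarball, and the commit message carries only the changelog, with nothing on where the digest came from. Please state in the message that it was computed over a download checked against upstream's published signature or checksum, so a reviewer can reproduce the value instead of accepting the posted hex string as is.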
@@ -70,7 +70,6 @@  $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
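Review bot: The two `patch -Np1` steps left in the `$(TARGET)` recipe now run against the 5.0.10 tree, and one of them, suricata-5.0.8-fix-level1-cache-line-size-detection.patch, is named for 5.0.8. The commit message only explains the removed TSval patch; please confirm that both remaining patches still apply to 5.0.10 without rejects or fuzz and are still needed, and say so in the message.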
diff --git a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch b/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
deleted file mode 100644
index 6bc745a0f..000000000
--- a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
+++ /dev/null
@@ -1,55 +0,0 @@ 
-From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Fri, 19 Nov 2021 17:17:47 +0000
-Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval
-
-For connections that use TCP timestamps for which the first SYN packet
-does not reach the server, any replies to retransmitted SYNs will be
-tropped.
-
-This is happening in StateSynSentValidateTimestamp, where the timestamp
-value in a SYN-ACK packet must match the one from the SYN packet.
-However, since the server never received the first SYN packet, it will
-respond with an updated timestamp from any of the following SYN packets.
-
-The timestamp value inside suricata is not being updated at any time
-which should happen. This patch fixes that problem.
-
-This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318.
-
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- src/stream-tcp.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/src/stream-tcp.c b/src/stream-tcp.c
-index 1cff19fa5..af681760b 100644
---- a/src/stream-tcp.c
-+++ b/src/stream-tcp.c
-@@ -1641,6 +1641,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
-                     "ssn->client.last_ack %"PRIu32"", ssn,
-                     ssn->client.isn, ssn->client.next_seq,
-                     ssn->client.last_ack);
-+        } else if (PKT_IS_TOSERVER(p)) {
-+            /*
-+	     * On retransmitted SYN packets, the timestamp value must be updated,
-+	     * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN
-+	     * with an updated timestamp in StateSynSentValidateTimestamp.
-+	     */
-+            if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) {
-+                uint32_t ts_val = TCP_GET_TSVAL(p);
-+
-+                // Check whether packets have been received in the correct order (only ever update)
-+                if (ssn->client.last_ts < ts_val) {
-+                    ssn->client.last_ts = ts_val;
-+                    ssn->client.last_pkt_ts = p->ts.tv_sec;
-+                }
-+
-+                SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt);
-+            }
-         }
- 
-         /** \todo check if it's correct or set event */
--- 
-2.30.2
-
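Review bot: Deleting the whole local patch is justified only by the title of Bug #5429 in the changelog, while the patch description names a specific failure: a SYN-ACK answering a retransmitted SYN being dropped in StateSynSentValidateTimestamp. The commit message mentions no test, so please add a line saying that a handshake whose first SYN is lost was retested on 5.0.10 without this patch, since a regression here means legitimate connections get dropped.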