Is Packetbeat able to deal with that resending of packets or out of order packets?
what kind of packets? UDP or TCP? You really mean packets or messages on application layer?
For TCP, the TCP stream will be constructed based on sequence number. If packets is received again it will be removed due to having processed the sequence number earlier. TCP stream handler also deals with packet reordering.
For UDP we have no deduplication implemented. UDP packets will be processed as received.
1 Like
Hi Steffen,
Thanks for your reply,
What I meant was packets for TCP,
and I understand what you explained.
Thanks again,
Mingchun
How does reordering of TCP work? I don't see a buffer where packets are stored and reordered for atmost 'tcp_reordering' times. As far as I understood, tcp packets are assumed in order, if there is an out of order packet detected then the module is asked if the gaps can be neglected and even then things make sense. If the answer is yes the packet is added to stream or stream is deleted saying nothing can be made out of data due to the gap. Aren't we dropping the stream too early ? Might be a noob question if I missed some aspect in the code
@Kalyana_Sundaram you're fully right. Just checked the code again and I don't see any buffering either. No idea why I've thought we've buffering and reordering implemented. Thanks for pointing this out.
I created a github issue. Feel free to comment there or submit a PR 