|
|
|
|
|
|
by colanderman
2284 days ago
|
|
|
The DPI doesn't need to buffer packets. Searches like this are performed using a regex compiled as a DFA or similar state machine. The state maintained per flow is a few machine words at most. You'd have better luck sending the TCP packets out-of-order. But some DPI boxes will buffer these to a small degree to catch such shenanigans. Source: in a previous life I worked on the layer-7 inspection subsystem (among others) of a DPI box. EDIT: Also what @cpitman said. DPI boxes will often err on the side of caution. The DPI will happily kill your goofy-but-standards-compliant flow if it can't figure out that it's safe. |
|
|