[Bro-Dev] [JIRA] (BIT-1248) TCP gaps inserted in wrong place in HTTP range request
Jimmy Jones (JIRA)
jira at bro-tracker.atlassian.net
Wed Sep 10 09:02:07 PDT 2014
Jimmy Jones created BIT-1248:
--------------------------------
Summary: TCP gaps inserted in wrong place in HTTP range request
Key: BIT-1248
URL: https://bro-tracker.atlassian.net/browse/BIT-1248
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Environment: CentOS 6
Reporter: Jimmy Jones
Attachments: http-range-hole1.pcap, http-range.pcap
See attached testcases, one with packet #10 missing.
Putting this through the file extraction framework with the script below, the hole is not inserted at the correct point (the data either side of the hole is side by side). I believe this may be because HTTP.cc calls DataIn with an offset argument, which isn't updated for missing packets.
Bug still exists with BIT-1240 applied.
event file_new(f: fa_file)
{ Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]); }
--
This message was sent by Atlassian JIRA
(v6.4-OD-04-006#64001)
More information about the bro-dev
mailing list