[Bro-Dev] [JIRA] (BIT-1247) Missing packet in HTTP byte ranges request stops processing

[Jon Siwek (JIRA)]

    [ https://bro-tracker.atlassian.net/browse/BIT-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18012#comment-18012 ] 

Jon Siwek commented on BIT-1247:
--------------------------------

The logic to check whether the gap fell entirely within entity body was off.  A fix is in "topic/jsiwek/bit-1247".  That also includes changes from BIT-1240, BIT-1246, and BIT-1248.  I also have "topic/jsiwek/jj-bugs" that includes everything; if I need to do more changes I may just do them there otherwise may be hard to keep track of things, else we'll see about getting this merged in to master if it looks good to you.

> Missing packet in HTTP byte ranges request stops processing
> -----------------------------------------------------------
>
>                 Key: BIT-1247
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1247
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>         Environment: CentOS 6
>            Reporter: Jimmy Jones
>         Attachments: byteranges-hole1.trace
>
>
> I've created the attached file from one in the testing framework, but with packet #8 removed. The missing packet is in the middle of a mime part and doesn't straddle any MIME boundaries. However with the packet removed, the file output by the file analysis framework only contains the data up until the missing packet. As the missing packet didn't include any MIME boundaries, I wouldn't expect this behavior.
> Used the following bro script:
> event file_new(f: fa_file)
> { Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]); } 



--
This message was sent by Atlassian JIRA
(v6.4-OD-04-006#64001)