[Bro] Spicy and meta data
robin at icir.org
Mon Mar 14 14:50:04 PDT 2016
On Mon, Mar 14, 2016 at 17:06 -0400, Troy Jordan wrote:
> Is this a hypothetical example, or is there currently a mechanism in
> Spicy to insert layer-4 meta data into an application layer stream, as
> suggested in the Spicy tech report, p5:
Yes, that mechanism exists. See
tests/binpac/synchronize/sync-at-mark.pac2 for an example: the
pac-driver command line in there specifies positions to mark, where
the second unit then re-synchronizes when encountering errors.
> " To implement that, the TCP dissector would insert marks into the input
> stream corresponding to packet boundaries for the HTTP dissector to skip
> ahead to. "
What's hypothetical here is the TCP dissector using the mechanism;
that's not implemented.
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin