[Bro-Dev] #317: Analyzer::Undelivered should use relative sequence numbers (and go to 64bit)
Bro Tracker
bro at tracker.icir.org
Mon Nov 22 13:12:00 PST 2010
#317: Analyzer::Undelivered should use relative sequence numbers (and go to
64bit)
----------------------+------------------------
Reporter: gregor | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
{{{
#!rst
``Analyzer::Undelivered(int seq, int len)`` is called with absolute TCP
sequence from the TCP reassambler. However, since the analyzer framework
should work on abstract byte streams, it should return *realtive* sequence
numbers.
In addition, it should use 64 bit integers!
Note, that Undelivered is not really used. The HTTP.cc analyzer uses it,
but ``seq`` is to generate a mime_content_gap event. It does seem that
HTTP.cc assumes the seq number is relative....
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/317>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list