[Bro-Dev] Hui Lin_Out of Bound Exception from flowunit
Hui Lin
hlin33 at illinois.edu
Fri Aug 26 09:46:41 PDT 2011
HI,
when I am writing a flowunit for dnp3 protocol, I find a weird situation.
Here is the record type for the flowunit:
type Dnp3_Test = record {
start: uint16;
len: uint8;
ctrl: uint8;
dest_addr: uint16;
src_addr: uint16;
rest: bytestring &restofdata;
} &byteorder = bigendian
&length= (8 + len -5 - 1)
;
I am writing this type for step by step debug. There is no compiling and
linking error. But when you parse the traffic dump by this protocol
analyzer, binpac will generate following exception
1217561494.208541 weird: binpac exception: out_of_bound: Dnp3_Test:src_addr:
8 > 3
8 is the size of all data before "rest" the bytestring, and 3 is the size of
data "start" and "len". "len" is used to define the &length of this record.
It seems that after "len", you can not define extra data, such as "ctrl",
"dest_addr" and doing this will generate the above exception. However, if
you change the type of all data after "len" into bytestring, then the
exception will not happen. But I still want to keep those data as the
"uint8". Any suggestion to solve this problem?
Best,
Hui
--
Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20110826/30ad19be/attachment.html
More information about the bro-dev
mailing list