[Bro-Dev] #404: topic/gregor/reassmbler-hotfix -- Reassembler integer overflow issues. Data not delivered after 2GB

Bro Tracker bro at tracker.icir.org
Tue Feb 22 17:05:20 PST 2011


#404: topic/gregor/reassmbler-hotfix -- Reassembler integer overflow issues. Data
not delivered after 2GB
---------------------------+------------------------
 Reporter:  gregor         |      Owner:
     Type:  Merge Request  |     Status:  new
 Priority:  Normal         |  Milestone:  Bro1.6
Component:  Bro            |    Version:  git/master
 Keywords:                 |
---------------------------+------------------------
 {{{
 #!rst

 Hotfix for #348. A more thorough fix is needed in the long run, but this
 patch works without breaking anything. A full fix will require significant
 changes to the TCP analyzer, reassembler and possibly other parts.

 The TCP Reassembler does not deliver any data after 2GB. This happens
 silently, i.e., without content_gap events or Undelivered calls. The
 problem is the use of 32-bit (signed) integers for relative sequence
 numbers.

 As a hotfix that seems to work, I disabled the seq_to_skip features. It
 wasn't used by any analyzer or policy script (note that seq_to_skip is
 different from skip_deliveries).


 CHANGES entry:

 * TCP Reassembler hotfix: deliver data after 2GB by disabling the
   unused ``seq_to_skip`` feature.


 -------

 Note: there is an unfortunate typo in the branch name, but I don't know
 how to safely rename the branch locally and remotely::

    topic/gregor/reassmbler-hotfix
                     ^^
                    'e' is missing

 }}}

-- 
Ticket URL: <http://tracker.icir.org/bro/ticket/404>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
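
The failure mode the ticket describes, as an added example that is not part of the original message and not Bro's source: a signed 32-bit relative sequence number turns negative once a stream passes 2GB, so a comparison against an unused skip marker left at 0 starts discarding data without any event. The function names and the exact form of the skip check are assumptions made for illustration; the 64-bit variant shows the width at which the same check keeps delivering.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model (hypothetical names, not Bro's source): distance between
// two relative sequence numbers held in a signed 32-bit integer.
static int32_t seq_delta32(uint32_t a, uint32_t b) {
    // Unsigned subtraction wraps modulo 2^32; the cast reinterprets bit 31 as sign.
    return static_cast<int32_t>(a - b);
}

// Assumed skip check: a block counts as already skipped when it ends at or
// before seq_to_skip. Returning false models a silent drop (no gap event).
static bool delivered_narrow(uint32_t rel_seq, uint32_t len, uint32_t seq_to_skip) {
    return seq_delta32(rel_seq + len, seq_to_skip) > 0;
}

// Same check with 64-bit stream offsets, which cannot go negative or wrap at 2GB.
static bool delivered_wide(uint64_t rel_seq, uint64_t len, uint64_t seq_to_skip) {
    return rel_seq + len > seq_to_skip;
}

// Feed `total` bytes in `block`-sized chunks with seq_to_skip left at 0 (unused
// feature); return the offset of the first dropped chunk, or UINT64_MAX if none.
static uint64_t first_dropped_offset(uint64_t total, uint32_t block, bool wide) {
    for (uint64_t off = 0; off + block <= total; off += block) {
        bool ok = wide ? delivered_wide(off, block, 0)
                       : delivered_narrow(static_cast<uint32_t>(off), block, 0);
        if (!ok)
            return off;
    }
    return UINT64_MAX;
}

int main() {
    const uint64_t total = 3ULL << 30;  // constructed input: 3 GiB stream
    const uint32_t block = 1u << 20;    // delivered in 1 MiB chunks
    uint64_t n = first_dropped_offset(total, block, false);
    uint64_t w = first_dropped_offset(total, block, true);
    std::printf("32-bit signed: first dropped chunk at offset %llu\n",
                static_cast<unsigned long long>(n));
    std::printf("64-bit: %s\n", w == UINT64_MAX ? "all chunks delivered" : "dropped");
    return 0;
}
```

For monitoring deployments, a connection whose byte counters keep rising while the analyzers stop seeing payload near the 2GB mark is the observable symptom of this class of bug.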


