[Bro-Dev] #348: Reassembler integer overflow issues. Data not delivered after 2GB

Bro Tracker bro at tracker.icir.org
Fri Feb 25 10:33:34 PST 2011

#348: Reassembler integer overflow issues. Data not delivered after 2GB
  Reporter:  gregor   |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro1.7
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:  inttypes

Comment (by robin):

 Moving some notes out of the source and in here:

 // The Reassembler uses 32 bit ints for keeping track of sequence
 // numbers. This means that the seq numbers will become negative once we
 // exceed 2 GB of data. The Reassembler seems to mostly work despite
 // sequence numbers, since seq_delta() will handle them gracefully.
 // there are a couple of issues. E.g., seq_to_skip doesn't work (which is
 // disabled with an ifdef, since it wasn't used) Also, a check in
 // Undelivered() had a problem with negative sequence numbers.
 // There are numerous counters (e.g., number of total bytes, etc.) that
 // incorrect due to overflow too. However, these seem to be for
 // purposes only, so we currently ignore them.
 // There might be other problems hidden somewhere, that I haven't
 // yet......
 // Reassem.{cc|h} and other "Reassemblers" that inherit from it (e.g.,
 // need to be updated too.

Ticket URL: <http://tracker.icir.org/bro/ticket/348#comment:3>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list