[Bro-Dev] Hui Lin_Binpac: handle incremental input for flowunit

Seth Hall seth at icir.org
Wed Jul 20 21:56:35 PDT 2011


On Jul 21, 2011, at 12:41 AM, Hui Lin wrote:

> XXX_Request is the flowunit data. My problem is that after the header is parsed, I still don't know the length of the whole XXX_Request data unit.

Presumably this is for the DNP3 protocol? There isn't any framing around the request with the length? Are they framing it to the packet perhaps? (I'm running into sort of similar trouble with the SSL analyzer, and binpac doesn't let you frame to the packets.)

I don't think you can use datagram if the protocol you're working on is TCP, since the packets could be fragmented or out of order. I'd love to be proven wrong though...

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



