[Bro-Dev] [JIRA] (BIT-1248) TCP gaps inserted in wrong place in HTTP range request

Jimmy Jones (JIRA) jira at bro-tracker.atlassian.net
Thu Sep 11 13:47:08 PDT 2014

    [ https://bro-tracker.atlassian.net/browse/BIT-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18014#comment-18014 ] 

Jimmy Jones commented on BIT-1248:

Cool, works for me now.

> TCP gaps inserted in wrong place in HTTP range request
> ------------------------------------------------------
>                 Key: BIT-1248
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1248
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>         Environment: CentOS 6
>            Reporter: Jimmy Jones
>         Attachments: http-range-hole1.pcap, http-range.pcap
> See attached testcases, one with packet #10 missing.
> Putting this through the file extraction framework with the script below, the hole is not inserted at the correct point (the data either side of the hole is side by side). I believe this may be because HTTP.cc calls DataIn with an offset argument, which isn't updated for missing packets.
> Bug still exists with BIT-1240 applied.
> event file_new(f: fa_file)
> { Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]); } 

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list