[Bro-Dev] [JIRA] (BIT-1248) TCP gaps inserted in wrong place in HTTP range request

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Sep 15 09:48:07 PDT 2014

     [ https://bro-tracker.atlassian.net/browse/BIT-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek updated BIT-1248:
    Resolution: Fixed
        Status: Closed  (was: Open)

> TCP gaps inserted in wrong place in HTTP range request
> ------------------------------------------------------
>                 Key: BIT-1248
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1248
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>         Environment: CentOS 6
>            Reporter: Jimmy Jones
>             Fix For: 2.4
>         Attachments: http-range-hole1.pcap, http-range.pcap
> See attached testcases, one with packet #10 missing.
> Putting this through the file extraction framework with the script below, the hole is not inserted at the correct point (the data either side of the hole is side by side). I believe this may be because HTTP.cc calls DataIn with an offset argument, which isn't updated for missing packets.
> Bug still exists with BIT-1240 applied.
> event file_new(f: fa_file)
> { Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=f$id]); } 

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list