[Bro] Forcing analyser on partial connections
Vern Paxson
vern at icir.org
Wed Jun 2 08:11:39 PDT 2010
> Tried it on bro 1.5.1 but am unable to get it to run the http analyzer on a
> partial trace. I have attached the trace in question to this email, if you
> want to try it out.
Oops, I now see that I was running on a modified 1.5.1 that was specifically
hacked a while ago to avoid this problem too! Patched appended.
Vern
Index: src/HTTP.cc
===================================================================
--- src/HTTP.cc (revision 6988)
+++ src/HTTP.cc (working copy)
@@ -794,7 +794,7 @@
{
TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig);
- if ( TCP() && TCP()->IsPartial() )
+ if ( TCP() && TCP()->IsPartial() && 0 )
return;
const char* line = reinterpret_cast<const char*>(data);
More information about the Bro
mailing list