[Zeek] binpac with PDUs in multiple segments

Jon Siwek jsiwek at corelight.com
Thu Mar 19 22:25:27 PDT 2020


On Thu, Mar 19, 2020 at 1:39 PM Jeff Barber <jsbarber60 at gmail.com> wrote:

> So, really the question is: should this work? And if so, what am I doing wrong?

I didn't notice anything wrong with what you were trying, but I did
find the parsing logic generated by binpac was wrong.  I made a PR
with a fix (and using your test case) here:

    https://github.com/zeek/zeek/pull/873

Specifically this binpac patch in case you want to use it and work
ahead until the bugfix gets reviewed/merged into Zeek.

    https://github.com/zeek/binpac/commit/31203a3458baa6bdfc355e260a102f9402fbe3e2

- Jon


More information about the Zeek mailing list