Merge remote branch 'origin/topic/gregor/reassmbler-hotfix'

Closes #404. * origin/topic/gregor/reassmbler-hotfix: TCP Reassembler hotfix for conns > 2GB.
2025-10-03 23:28:20 +00:00 · 2011-02-25 10:52:01 -08:00 · 2011-02-25 10:52:01 -08:00 · a3e1dd5261
commit a3e1dd5261
parent 9b94218c63 6af01a205f
6 changed files with 59 additions and 17 deletions
--- a/src/TCP_Reassembler.h
+++ b/src/TCP_Reassembler.h
@ -6,6 +6,13 @@
 #include "Reassem.h"
 #include "TCP_Endpoint.h"

+// The skip_to_seq feature does not work correctly with connections >2GB due
+// to use of 32 bit signed ints (see comments in TCP_Reassembler.cc) Since
+// it's not used by any analyzer or policy script we disable it. Could be
+// added back in once we start using 64bit integers.
+//
+// #define ENABLE_SEQ_TO_SKIP
+
 class BroFile;
 class Connection;
 class TCP_Analyzer;
@ -60,9 +67,11 @@ public:

 	void MatchUndelivered(int up_to_seq = -1);

+#ifdef ENABLE_SEQ_TO_SKIP
 	// Skip up to seq, as if there's a content gap.
 	// Can be used to skip HTTP data for performance considerations.
 	void SkipToSeq(int seq);
+#endif

 	int DataSent(double t, int seq, int len, const u_char* data,
 			bool replaying=true);
@ -85,9 +94,10 @@ public:
 	const TCP_Endpoint* Endpoint() const	{ return endp; }

 	int IsOrig() const	{ return endp->IsOrig(); }
-
+#ifdef ENABLE_SEQ_TO_SKIP
 	bool IsSkippedContents(int seq, int length) const
 		{ return seq + length <= seq_to_skip; }
+#endif

 private:
 	TCP_Reassembler()	{ }
@ -110,7 +120,9 @@ private:
 	unsigned int did_EOF:1;
 	unsigned int skip_deliveries:1;

+#ifdef ENABLE_SEQ_TO_SKIP
 	int seq_to_skip;
+#endif
 	bool in_delivery;

 	BroFile* record_contents_file;	// file on which to reassemble contents