Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

TCP Reassembler hotfix for conns > 2GB.

Browse source 
The TCP Reassembler does not deliver any data to analyzers after the
first 2GB due to signed integer overflow (Actually it will deliver again
between 4--6GB, etc.) This happens silently, i.e., without content_gap
events or Undelivered calls.

See Comments in TCP_Reassembler.cc for more details.

As a hotfix that seems to work I disabled the seq_to_skip features. It
wasn't used by any analyzer or policy script (Note, that seq_to_skip is
different from skip_deliveries).

See also ticket #348
This commit is contained in:
Gregor Maier 2011-01-12 09:38:13 -08:00
parent d24f7a6aad
commit a5632aff4e
4 changed files with 74 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Reassem.cc
View file

@ -195,8 +195,10 @@ void Reassembler::Describe(ODesc* d) const
d->Add("reassembler");
}
void Reassembler::Undelivered(int /* up_to_seq */)
void Reassembler::Undelivered(int up_to_seq)
{
// TrimToSeq() expects this.
last_reassem_seq = up_to_seq;
}
DataBlock* Reassembler::AddAndCheck(DataBlock* b, int seq, int upper,