TCP Reassembler hotfix for conns > 2GB.

The TCP Reassembler does not deliver any data to analyzers after the first 2GB due to signed integer overflow (Actually it will deliver again between 4--6GB, etc.) This happens silently, i.e., without content_gap events or Undelivered calls. See Comments in TCP_Reassembler.cc for more details. As a hotfix that seems to work I disabled the seq_to_skip features. It wasn't used by any analyzer or policy script (Note, that seq_to_skip is different from skip_deliveries). See also ticket #348
2025-10-02 06:38:20 +00:00 · 2011-01-12 09:38:13 -08:00 · 2011-01-12 09:38:13 -08:00 · a5632aff4e
commit a5632aff4e
parent d24f7a6aad
4 changed files with 74 additions and 16 deletions
--- a/src/Reassem.h
+++ b/src/Reassem.h
@ -11,7 +11,7 @@
 class DataBlock {
 public:
 	DataBlock(const u_char* data, int size, int seq,
-			DataBlock* next, DataBlock* prev);
+			DataBlock* prev, DataBlock* next);

 	~DataBlock();