mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 21:48:21 +00:00
Small updates for the bittorrent analyzer to support 64bit types in binpac.
- This branch removes the attempt at bittorrent resynchronization. I don't think that the bittorrent resynchronization would really work very well anyway. - This need to be merged after the topic/seth/64bit-type branch in binpac.
This commit is contained in:
Seth Hall
parent
c607785cec
commit
c03efbb570
4 changed files with 56 additions and 51 deletions
|
|
@ -66,39 +66,44 @@ void BitTorrent_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
|
|||
|
||||
void BitTorrent_Analyzer::Undelivered(int seq, int len, bool orig)
|
||||
{
|
||||
uint64 entry_offset = orig ?
|
||||
*interp->upflow()->next_message_offset() :
|
||||
*interp->downflow()->next_message_offset();
|
||||
uint64& this_stream_len = orig ? stream_len_orig : stream_len_resp;
|
||||
bool& this_stop = orig ? stop_orig : stop_resp;
|
||||
|
||||
TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
|
||||
|
||||
this_stream_len += len;
|
||||
|
||||
if ( entry_offset < this_stream_len )
|
||||
{ // entry point is somewhere in the gap
|
||||
DeliverWeird("Stopping BitTorrent analysis: cannot recover from content gap", orig);
|
||||
this_stop = true;
|
||||
if ( stop_orig && stop_resp )
|
||||
ProtocolViolation("BitTorrent: content gap and/or protocol violation");
|
||||
}
|
||||
else
|
||||
{ // fill the gap
|
||||
try
|
||||
{
|
||||
u_char gap[len];
|
||||
memset(gap, 0, len);
|
||||
interp->NewData(orig, gap, gap + len);
|
||||
}
|
||||
catch ( binpac::Exception const &e )
|
||||
{
|
||||
DeliverWeird("Stopping BitTorrent analysis: filling content gap failed", orig);
|
||||
this_stop = true;
|
||||
if ( stop_orig && stop_resp )
|
||||
ProtocolViolation("BitTorrent: content gap and/or protocol violation");
|
||||
}
|
||||
}
|
||||
// I think that shoving data that is definitely wrong into the
|
||||
// parser seems like a really bad idea. The way it's currently
|
||||
// tracking the next message offset isn't compatible with
|
||||
// new 64bit int support in binpac either.
|
||||
|
||||
//uint64 entry_offset = orig ?
|
||||
// *interp->upflow()->next_message_offset() :
|
||||
// *interp->downflow()->next_message_offset();
|
||||
//uint64& this_stream_len = orig ? stream_len_orig : stream_len_resp;
|
||||
//bool& this_stop = orig ? stop_orig : stop_resp;
|
||||
//
|
||||
//this_stream_len += len;
|
||||
//
|
||||
//if ( entry_offset < this_stream_len )
|
||||
// { // entry point is somewhere in the gap
|
||||
// DeliverWeird("Stopping BitTorrent analysis: cannot recover from content gap", orig);
|
||||
// this_stop = true;
|
||||
// if ( stop_orig && stop_resp )
|
||||
// ProtocolViolation("BitTorrent: content gap and/or protocol violation");
|
||||
// }
|
||||
//else
|
||||
// { // fill the gap
|
||||
// try
|
||||
// {
|
||||
// u_char gap[len];
|
||||
// memset(gap, 0, len);
|
||||
// interp->NewData(orig, gap, gap + len);
|
||||
// }
|
||||
// catch ( binpac::Exception const &e )
|
||||
// {
|
||||
// DeliverWeird("Stopping BitTorrent analysis: filling content gap failed", orig);
|
||||
// this_stop = true;
|
||||
// if ( stop_orig && stop_resp )
|
||||
// ProtocolViolation("BitTorrent: content gap and/or protocol violation");
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
void BitTorrent_Analyzer::EndpointEOF(TCP_Reassembler* endp)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue