Small updates for the bittorrent analyzer to support 64bit types in binpac.

- This branch removes the attempt at bittorrent resynchronization. I don't think that the bittorrent resynchronization would really work very well anyway. - This need to be merged after the topic/seth/64bit-type branch in binpac.
2025-10-10 02:28:21 +00:00 · 2012-01-27 22:55:42 -05:00 · 2012-01-27 22:55:42 -05:00 · c03efbb570
commit c03efbb570
parent c607785cec
4 changed files with 56 additions and 51 deletions
--- a/aux/binpac
+++ b/aux/binpac
@ -1 +1 @@
-Subproject commit 43308aab47a3357ca1885e1b6954154a2744d821
+Subproject commit 35d69ffd88f14820c495a7b66c103f9b94a604ae
--- a/src/BitTorrent.cc
+++ b/src/BitTorrent.cc
@ -66,39 +66,44 @@ void BitTorrent_Analyzer::DeliverStream(int len, const u_char* data, bool orig)

 void BitTorrent_Analyzer::Undelivered(int seq, int len, bool orig)
 	{
-	uint64 entry_offset = orig ?
-		*interp->upflow()->next_message_offset() :
-		*interp->downflow()->next_message_offset();
-	uint64& this_stream_len = orig ? stream_len_orig : stream_len_resp;
-	bool& this_stop = orig ? stop_orig : stop_resp;
-
 	TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);

-	this_stream_len += len;
+	// I think that shoving data that is definitely wrong into the 
+	// parser seems like a really bad idea.  The way it's currently
+	// tracking the next message offset isn't compatible with
+	// new 64bit int support in binpac either.
 	
-	if ( entry_offset < this_stream_len )
-		{ // entry point is somewhere in the gap
-		DeliverWeird("Stopping BitTorrent analysis: cannot recover from content gap", orig);
-		this_stop = true;
-		if ( stop_orig && stop_resp )
-			ProtocolViolation("BitTorrent: content gap and/or protocol violation");
-		}
-	else
-		{ // fill the gap
-		try
-			{
-			u_char gap[len];
-			memset(gap, 0, len);
-			interp->NewData(orig, gap, gap + len);
-			}
-		catch ( binpac::Exception const &e )
-			{
-			DeliverWeird("Stopping BitTorrent analysis: filling content gap failed", orig);
-			this_stop = true;
-			if ( stop_orig && stop_resp )
-				ProtocolViolation("BitTorrent: content gap and/or protocol violation");
-			}
-		}
+	//uint64 entry_offset = orig ?
+	//	*interp->upflow()->next_message_offset() :
+	//	*interp->downflow()->next_message_offset();
+	//uint64& this_stream_len = orig ? stream_len_orig : stream_len_resp;
+	//bool& this_stop = orig ? stop_orig : stop_resp;
+	//
+	//this_stream_len += len;
+    //
+	//if ( entry_offset < this_stream_len )
+	//	{ // entry point is somewhere in the gap
+	//	DeliverWeird("Stopping BitTorrent analysis: cannot recover from content gap", orig);
+	//	this_stop = true;
+	//	if ( stop_orig && stop_resp )
+	//		ProtocolViolation("BitTorrent: content gap and/or protocol violation");
+	//	}
+	//else
+	//	{ // fill the gap
+	//	try
+	//		{
+	//		u_char gap[len];
+	//		memset(gap, 0, len);
+	//		interp->NewData(orig, gap, gap + len);
+	//		}
+	//	catch ( binpac::Exception const &e )
+	//		{
+	//		DeliverWeird("Stopping BitTorrent analysis: filling content gap failed", orig);
+	//		this_stop = true;
+	//		if ( stop_orig && stop_resp )
+	//			ProtocolViolation("BitTorrent: content gap and/or protocol violation");
+	//		}
+	//	}
 	}

 void BitTorrent_Analyzer::EndpointEOF(TCP_Reassembler* endp)
--- a/src/bittorrent-analyzer.pac
+++ b/src/bittorrent-analyzer.pac
@ -10,25 +10,25 @@ flow BitTorrent_Flow(is_orig: bool) {

 	%member{
 		bool handshake_ok;
-		uint64 _next_message_offset;
+		//uint64 _next_message_offset;
 	%}

 	%init{
 		handshake_ok = false;
-		_next_message_offset = 0;
+		//_next_message_offset = 0;
 	%}

-	function next_message_offset(): uint64
-		%{
-		return &_next_message_offset;
-		%}
+	#function next_message_offset(): uint64
+	#	%{
+	#	return &_next_message_offset;
+	#	%}

-	function increment_next_message_offset(go: bool, len: uint32): bool
-		%{
-		if ( go )
-			_next_message_offset += len;
-		return true;
-		%}
+	#function increment_next_message_offset(go: bool, len: uint32): bool
+	#	%{
+	#	if ( go )
+	#		_next_message_offset += len;
+	#	return true;
+	#	%}

 	function is_handshake_delivered(): bool
 		%{
--- a/src/bittorrent-protocol.pac
+++ b/src/bittorrent-protocol.pac
@ -22,8 +22,8 @@ type BitTorrent_Handshake = record {

 } &length = 68, &let {
 	validate: bool = $context.flow.validate_handshake(pstrlen, pstr);
-	incoffsetffset: bool =
-		$context.flow.increment_next_message_offset(true, 68);
+	#incoffsetffset: bool =
+	#	$context.flow.increment_next_message_offset(true, 68);
 	deliver: bool =
 		$context.flow.deliver_handshake(reserved, info_hash, peer_id);
 };
@ -72,8 +72,8 @@ type BitTorrent_PieceHeader(len: uint32) = record {
 	index: uint32;
 	begin: uint32;
 } &let {
-	incoffset: bool =
-		$context.flow.increment_next_message_offset(true, len + 5);
+	#incoffset: bool =
+	#	$context.flow.increment_next_message_offset(true, len + 5);
 };

 type BitTorrent_Piece(len: uint32) = record {
@ -134,9 +134,9 @@ type BitTorrent_Message = record {
 		default -> message_id: BitTorrent_MessageID(len.len);
 	};
 } &length = 4 + len.len, &let {
-	incoffset: bool = $context.flow.increment_next_message_offset(
-				len.len == 0 || message_id.id != TYPE_PIECE,
-				4 + len.len);
+	#incoffset: bool = $context.flow.increment_next_message_offset(
+	#			len.len == 0 || message_id.id != TYPE_PIECE,
+	#			4 + len.len);
 };

 type BitTorrent_PDU = case $context.flow.is_handshake_delivered() of {