Merge remote-tracking branch 'origin/topic/awelzel/3278-spicy-fix-port-range-off-by-one'

* origin/topic/awelzel/3278-spicy-fix-port-range-off-by-one: spicy: Do not register port N+1 for port N in .evt file (cherry picked from commit 6e6a2bee8a)
2025-10-17 05:58:20 +00:00 · 2023-09-07 13:28:42 +02:00 · 2023-09-07 13:28:42 +02:00 · c413c6d71a
commit c413c6d71a
parent 846d764886
4 changed files with 32 additions and 2 deletions
--- a/src/spicy/manager.cc
+++ b/src/spicy/manager.cc
@ -693,6 +693,10 @@ void Manager::InitPostScript() {
                SPICY_DEBUG(hilti::rt::fmt("  Scheduling analyzer for port %s", port_));
                analyzer_mgr->RegisterAnalyzerForPort(tag, transport_protocol(port_), port);

+                // Don't double register in case of single-port ranges.
+                if ( ports.begin.port() == ports.end.port() )
+                    break;
+
                // Explicitly prevent overflow.
                if ( port == std::numeric_limits<decltype(port)>::max() )
                    break;
--- a/src/spicy/spicyz/glue-compiler.cc
+++ b/src/spicy/spicyz/glue-compiler.cc
@ -298,8 +298,8 @@ static ::zeek::spicy::rt::PortRange extract_port_range(const std::string& chunk,
    }

    if ( ! end )
-        // EVT port ranges are a closed interval, but rt are half-closed.
-        end = hilti::rt::Port(start.port() + 1, start.protocol());
+        // EVT port ranges are a closed.
+        end = hilti::rt::Port(start.port(), start.protocol());

    return {start, *end};
 }