That field is based on TCP sequence numbers and on seeing a SYN followed
by a failed RST injection response, the initial sequence number tracked
the value in the injection (most likely zero) instead of value in
subsequent SYN response. This could make c$resp$size be set to large
values when it's not really.
Also removed some dead code paths.
* origin/fastpath:
Fix memory leak in ascii input reader.
Improvements for the "bad checksums" detector to make it detect bad TCP checksums.
Improved file name extraction for SMTP when file name is included in Content-Type header.
Small tweak to "bad checksum" script to avoid potential division by
zeros.
Specifically:
- Move implementation details into *.cc.
- Const correctness: do not require superfluous cast.
- Style: asterisk "binds" to type, not name.
Both local and global variables declared with "const" could be modified,
but now expressions that would modify them should generate an error
message at parse-time.
* origin/fastpath:
Trick for parallelizing input framework unit tests.
Maybe fix reliability of a unit test that relies on when statements.
Remove unused attributes
For an index expression list, ListExpr::InitVal() passed the TypeList
to Expr::InitVal() for each expression element in the list instead of
the type for that element. This made RecordConstructorExpr::InitVal()
complain since it expects a RecordType and not a TypeList with a
RecordType element as an argument. In most other cases, Expr::InitVal()
worked because check_and_promote() "flattens" the list to a single type.
Removed attributes &postprocessor and &match from documentation
and source code. Removed undocumented attribute &attr from
source code. Removed internal attribute (&tracked) from documentation.
consisting of letters [A-Za-z].
I had some bogus HTTP sessions now with the test-suite that reported
data as HTTP because it started with "<!... ". Requiring letters seems
a reasonable constraint.
* vlad/topic/vladg/http-verbs:
A test for HTTP methods, including some horribly illegal requests.
Remove hardcoded HTTP verbs from the analyzer (#741)
I added a "bad_HTTP_request" weird for HTTP request lines that don't
have more than a single word.
Closes#741.
