* origin/topic/jsiwek/jj-bugs:
Fix incorrect data delivery skips after gap in HTTP Content-Range.
Fix file analysis placement of data after gap in HTTP Content-Range.
Fix issue w/ TCP reassembler not delivering some segments.
Raise http_entity_data in line with data arrival.
Implement file ID caching for MIME_Mail.
BIT-1240: Fix MIME entity file data/gap ordering.
BIT-1240 #closed
BIT-1246 #closed
BIT-1247 #closed
BIT-1248 #closed
The logic for determining whether a gap was entirely within a MIME
entity body was not asking the current entity, which may be better able
to answer that question if it was using the Content-Range header and
thus knows if the gap exceeds the length of the body that's still
expected.
Addresses BIT-1247
For example, if we have a connection between TCP "A" and TCP "B" and "A"
sends segments "1" and "2", but we don't see the first and then the next
acknowledgement from "B" is for everything up to, and including, "2",
the gap would be reported to include both segments instead of just the
first and then delivering the second. Put generally: any segments that
weren't yet delivered because they're waiting for an earlier gap to be
filled would be dropped when an ACK comes in that includes the gap as
well as those pending segments. (If a distinct ACK was seen for just
the gap, that situation would have worked).
Addresses BIT-1246.
As opposed to delaying until a certain-sized-buffer fills, which is
problematic because then the event becomes out of sync with the "rest of
the world". E.g. content_gap handlers being called sooner than
expected.
Addresses BIT-1240.
* origin/topic/robin/pktsrc:
Fixing link-layer handling.
Bugfixes and test updates.
Fixing remaining tests.
Adding test for dynamic packet dumper plugin.
Test updates.
Fixing Bro-level BPF filtering.
A set of smaller API tweaks, and polishing.
Adding test creating a dynamic pktsrc plugin.
Interface tweaks for PktSrc, plus docs for PktSrc and PktDumper.
A set of various fixes and smaller API tweaks, plus tests.
Moving some of the BPF filtering code into base class.
Small packet dumper API change.
Moving Pkt{Src,Dumper} a directory level up.
Removing FlowSrc.
Removing netmap, remaining pieces of the 2ndary path, and left-over files of packet sorter.
Prototype of a netmap packet source.
A series of updates and tweaks to the new PktSrc interface.
Fixing rebase relicts.
IOSource reorg.
BIT-1243 #close
MIME entities buffered data and passed it along to protocol analyzers in
discrete amounts, but a gap is always passed along right away, so the
ordering of these "events" can cause incorrect file analysis. The
change here is to never leave any MIME data buffered -- it should now be
passed along line by line as it is seen, but may still temporarily make
use of a buffer allocated by the analyzer as it works on decoding
content.
Two changes:
- Renaming the base class from DNP3_Analyzer to DNP3_Base. The
"*_Analyzer" postfix could be confusing here because it's not
actually derived from Analyzer.
- Factoring some further code/state that's joined between TCP and
UDP into the base clase.
All tests still pass.
* origin/topic/hui/dnp3-udp:
remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renameing the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 varition 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
* origin/topic/johanna/ticket-1212:
Fix ocsp reply validation - there were a few things that definitely were wrong.
fix null pointer dereference in ocsp verification code in case no certificate is sent as part as the ocsp reply.
Now the right signer certificate for the reply is looked up (and no longer assumed that it is the first one) and a few compares are fixed. Plus - there are more test cases that partially send certificates in the ocsp message and partially do not - and it seems to work fine in all cases.
Addresses BIT-1212
Added new sections on operators, statements, and directives. Also
improved the documentation on types and attributes by providing more
examples and added a chart on the top of each page with links to
each type and attribute for easier access to the information.
is sent as part as the ocsp reply.
Addresses BIT-1212
There is an additional issue here that prevents the correct verification of
proofs in quite a few cases; this will be addressed in a separate commit.
* origin/fastpath:
Simplify a conditional with equivalent branches.
Change EDNS parsing code to use rdlength more cautiously.
Fix a memory leak when bind() fails due to EADDRINUSE.
Fix possible buffer over-read in DNS TSIG parsing
