[
https://bro-tracker.atlassian.net/browse/BIT-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Fernandez updated BIT-1500:
--------------------------------
Resolution: Solved
Status: Closed (was: Open)
Mr. Grigorescu's recommendation was sufficient to solve the problem. Thank you.
> BinPAC Call to FlowBuffer::NewFrame with frame_length -1
> --------------------------------------------------------
>
> Key: BIT-1500
> URL: https://bro-tracker.atlassian.net/browse/BIT-1500
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BinPAC
> Affects Versions: 2.4
> Reporter: Mark Fernandez
> Labels: analyzer
> Attachments: test.pac
>
>
> I am creating a protocol analyzer using BinPAC. I created a type record for
> chunked data, very similar to HTTP chunked data. The auto-generated C++ code
> does not parse the chunked data correctly. I tracked it down to the
> ParseBuffer code where there is a combination of calls to
> FlowBuffer::NewFrame and soon thereafter a condition check against
> FlowBuffer::ready(). The call to NewFrame passes '-1' as the frame_length
> value. NewFrame calls FlowBuffer::MarkOrCopyFrame, and because the
> frame_length is set to -1, MarkOrCopyFrame sets message_complete_ to false.
> Therefore, when FlowBuffer::ready() is called, it returns message_complete_,
> which is false, and then ParseBuffer exits via 'goto need_more_data' without
> ever parsing the chunked data. This is very frustrating. Please review and
> let me know what you think.
--
This message was sent by Atlassian JIRA
(v7.1.0-OD-01-053#71000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
