[
https://bro-tracker.atlassian.net/browse/BIT-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23003#comment-23003
]
Mark Fernandez commented on BIT-1500:
-------------------------------------
OK, that would be great. I apologize for closing the ticket prematurely, but I
am honestly satisfied with the workaround and didn't want to burden BIT with a
lingering OPEN ticket. Shall we re-open it?
> BinPAC Call to FlowBuffer::NewFrame with frame_length -1
> --------------------------------------------------------
>
> Key: BIT-1500
> URL: https://bro-tracker.atlassian.net/browse/BIT-1500
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BinPAC
> Affects Versions: 2.4
> Reporter: Mark Fernandez
> Labels: analyzer
> Attachments: test.pac
>
>
> I am creating a protocol analyzer using BinPAC. I created a type record for
> chunked data, very similar to HTTP chunked data. The auto-generated C++ code
> does not parse the chunked data correctly. I tracked it down to the
> ParseBuffer code where there is a combination of calls to
> FlowBuffer::NewFrame and soon thereafter a condition check against
> FlowBuffer::ready(). The call to NewFrame passes '-1' as the frame_length
> value. NewFrame calls FlowBuffer::MarkOrCopyFrame, and because the
> frame_length is set to -1, MarkOrCopyFrame sets message_complete_ to false.
> Therefore, when FlowBuffer::ready() is called, it returns message_complete_,
> which is false, and then ParseBuffer exits via 'goto need_more_data' without
> ever parsing the chunked data. This is very frustrating. Please review and
> let me know what you think.
--
This message was sent by Atlassian JIRA
(v7.1.0-OD-01-053#71000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
