[Bro-Dev] [Auto] Merge Status
Open Merge Requests === IDComponentReporterAssigneeUpdated For Version PrioritySummary --- -- -- -- - -- - BIT-1185 [1] BroControl Daniel Thayer - 2014-04-21 2.3 Normal topic/dnthayer/broctld-work [2] BIT-1184 [3] Bro Jon Siwek - 2014-04-18 2.3 Normal topic/jsiwek/odesc-escaping [4] BIT-1177 [5] Bro Bernhard Amann Seth Hall 2014-04-21 2.3 Normal SumStats dynamic updates do not work in cluster mode BIT-1168 [6] Bro Brian LittleSeth Hall 2014-03-31 - Low Add Java version to software framework BIT-348 [7] Bro gregor Jon Siwek 2014-04-18 2.3 HighReassembler integer overflow issues. Data not delivered after 2GB Open GitHub Pull Requests = IssueComponent User Updated Title --- --- -- #6 [8] bro jshlbrd [9] 2014-04-15 Intel::ADDR indicators in http host field [10] #4 [11] bro mareq [12] 2014-04-01 Protocol identification heuristics. [13] #4 [14] time-machine mareq [15] 2014-04-10 When deleting connections hashtable, delete stored connections as well. [16] #3 [17] time-machine mareq [18] 2014-04-10 Correct handling of Linux SLL header and VLAN headers. [19] #2 [20] time-machine mareq [21] 2014-04-09 Query interval start/end is now taken into account. [22] #1 [23] time-machine mareq [24] 2014-03-19 TM-16: Really skip VLAN header for indexing. [25] [1] BIT-1185 https://bro-tracker.atlassian.net/browse/BIT-1185 [2] broctld-work https://github.com/bro/brocontrol/tree/topic/dnthayer/broctld-work [3] BIT-1184 https://bro-tracker.atlassian.net/browse/BIT-1184 [4] odesc-escaping https://github.com/bro/bro/tree/topic/jsiwek/odesc-escaping [5] BIT-1177 https://bro-tracker.atlassian.net/browse/BIT-1177 [6] BIT-1168 https://bro-tracker.atlassian.net/browse/BIT-1168 [7] BIT-348 https://bro-tracker.atlassian.net/browse/BIT-348 [8] Pull Request #6 https://github.com/bro/bro/pull/6 [9] jshlbrd https://github.com/jshlbrd [10] Merge Pull Request #6 with git pull https://github.com/jshlbrd/bro.git master [11] Pull Request #4 https://github.com/bro/bro/pull/4 [12] mareq https://github.com/mareq [13] Merge Pull Request #4 with git pull https://github.com/mareq/bro.git topic/mareq/analyzer-for-missing-request [14] Pull Request #4 https://github.com/bro/time-machine/pull/4 [15] mareq https://github.com/mareq [16] Merge Pull Request #4 with git pull https://github.com/mareq/time-machine.git topic/mareq/memory-leaks [17] Pull Request #3 https://github.com/bro/time-machine/pull/3 [18] mareq https://github.com/mareq [19] Merge Pull Request #3 with git pull https://github.com/mareq/time-machine.git topic/mareq/linktype-linux-sll [20] Pull Request #2 https://github.com/bro/time-machine/pull/2 [21] mareq https://github.com/mareq [22] Merge Pull Request #2 with git pull https://github.com/mareq/time-machine.git topic/mareq/in-memory-query-interval [23] Pull Request #1 https://github.com/bro/time-machine/pull/1 [24] mareq https://github.com/mareq [25] Merge Pull Request #1 with git pull https://github.com/mareq/time-machine.git topic/mareq/tm-16 ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-348) Reassembler integer overflow issues. Data not delivered after 2GB
[
https://bro-tracker.atlassian.net/browse/BIT-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robin Sommer reassigned BIT-348:
Assignee: Robin Sommer (was: Jon Siwek)
Reassembler integer overflow issues. Data not delivered after 2GB
-
Key: BIT-348
URL: https://bro-tracker.atlassian.net/browse/BIT-348
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: gregor
Assignee: Robin Sommer
Priority: High
Labels: inttypes
Fix For: 2.3
{noformat}
#!rst
The TCP Reassembler does not deliver any data to analyzers after the first
2GB due to signed integer overflow (Actually it will deliver again between
4--6GB, etc.) This happens silently, i.e., without content_gap events or
Undelivered calls.
This report superseded BIT-315, BIT-137
The TCP Reassembler (and Reassem) base class use ``int`` to keep track of
sequence numbers and ``seq_delta`` to check for differences. If a connection
exceeds 2GB, the relative sequence numbers (int) used by the Reassembler
become negative. While many parts of the Reassembler still work (because
seq_delta still reports the correct difference) some parts do not. In
particular ``seq_to_skip`` is broken (and fails silently). There might well
be other parts of the Reassembler that fail
silently as well, that I haven't found yet.
See Comments in TCP_Reassembler.cc for more details.
The Reassembler should use int64. However this will require deep changes to
the Reassembler and the TCP Analyzer and TCP_Endpoint classes (since we also
store sequence numbers there). Also, the analyzer framework will need tweaks
as well (e.g., Undelivered uses ``int`` for sequence numbers, also has to go
to 64 bit)
As a hotfix that seems to work I disabled the ``seq_to_skip`` features. It
wasn't used by any analyzer or policy script (Note, that seq_to_skip is
different from skip_deliveries). Hotfix is in
topic/gregor/reassembler-hotfix
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1184) topic/jsiwek/odesc-escaping
[ https://bro-tracker.atlassian.net/browse/BIT-1184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1184: -- Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) topic/jsiwek/odesc-escaping --- Key: BIT-1184 URL: https://bro-tracker.atlassian.net/browse/BIT-1184 Project: Bro Issue Tracker Issue Type: Improvement Components: Bro Affects Versions: git/master Reporter: Jon Siwek Fix For: 2.3 Minor refactor of how ODesc hex escapes stuff. Most significant: it now uses a std::set instead of std::list internally to store what strings need escaping which would prevent the recent bug of that growing out of control. Otherwise, just changed some things to re-use code and be more readable (IMO). -- This message was sent by Atlassian JIRA (v6.3-OD-02-026#6318) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
