Hi all,
I tried to access the field tcp_hdr::dl in one of my bro scripts in
order to obtain the TCP payload length. But all the values calculated by
bro seemed to be way too big.
This is due to a missing ntohs() call on the total length field in the
IP-Header in Session.cc. I attached a patch against bro-1.4 that should
fix the problem.
Best regards,
Lothar
bropatch.diff (1.03 KB)