Hi all,
I tried to access the field tcp_hdr::dl in one of my bro scripts in
order to obtain the TCP payload length. But all the values calculated by
bro seemed to be way too big.
This is due to a missing ntohs() call on the total length field in the
IP-Header in Session.cc. I attached a patch against bro-1.4 that should
fix the problem.
Best regards,
Lothar
bropatch.diff (1.03 KB)
Good catch! Can you please file the patch with our tracker
(tracker.icir.org/bro) so that it don't get lost? Thanks!
Robin
Hi,
Robin Sommer wrote:
Good catch! Can you please file the patch with our tracker
(tracker.icir.org/bro) so that it don't get lost? Thanks!
oh, I wasn't aware of that tracker. I created ticket #50 and attached
the patch to it.
Regards,
Lothar
It's new. 
Thanks!
Robin