


 Bug in 0.7.1 Source ? 
Author Message

Joined: Thu Feb 02, 2012 3:25 pm
Posts: 26
Post Bug in 0.7.1 Source ?
This looks like a bug:
xplico-0.7.1\dispatch\cli\cli.c (line 2814)
Code:
        else if (ppei->prot_id == syslog_id) {
            syslog++;
            ret = DispSyslog(ppei);
        }

Should be...
Code:
        else if (ppei->prot_id == syslog_id) {
            if (ppei->ret == FALSE) {
                syslog++;
            }
            ret = DispSyslog(ppei);
        }


Wed Feb 08, 2012 8:10 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Bug in 0.7.1 Source ?
Hi
thanks. Yes, it is a bug.

Ciao.
Gianluca


Wed Feb 08, 2012 9:44 pm
Profile WWW

Joined: Thu Feb 02, 2012 3:25 pm
Posts: 26
Post Re: Bug in 0.7.1 Source ?
I think I found another bug:
xplico-0.7.1\dispatch\lite\lite.c - line 4551, 4555

Bug: Using "XS_TELNET_DIR_PATH" in the DispSyslog function.

Code:
static int DispSyslog(pei *ppei)
{

   ...

    /* compose query and insert record */
    if (path) {
        /* new path */
        name = strrchr(path, '/');
        name++;
        sprintf(rep, XS_TELNET_DIR_PATH"/%s", pol, sess, name);
        rename(path, rep);
        DispFilePaths(pol, rep);
        /* flow info */
        sprintf(flow_info, XS_TELNET_DIR_PATH"/flow_%s.xml", pol, sess, name);
        DispFlowInfo(flow_info, ppei->stack);
        /* query */
        sprintf(query, XS_QUERY_SYSLOG_TEMPLATE, sess, pol, src_id, PEI_TIME(ppei->time_cap), flow_info,
                hosts, rep, (unsigned long)size);
        if (DispQuery(query, NULL) != 0) {
            printf("query: %s\n", query);
        }
    }

    return 0;
}


Mon Feb 13, 2012 4:08 pm
Profile

Joined: Thu Feb 02, 2012 3:25 pm
Posts: 26
Post Re: Bug in 0.7.1 Source ?
Also, is there a dissector for syslog in the "xplico-0.7.1\dissectors" directory?


Mon Feb 13, 2012 4:42 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Bug in 0.7.1 Source ?
Hi ipfrag,
yes, it is a bug but it is not so important, i.e. with or without the correct #define nothing changes (the Xplico functionality is OK in both cases).

The syslog dissector will be released with the next version: 1.0.0.

Ciao.
Gianluca


Mon Feb 13, 2012 8:09 pm
Profile WWW

Joined: Thu Feb 02, 2012 3:25 pm
Posts: 26
Post Re: Bug in 0.7.1 Source ?
Minor bug in "xplico-0.7.1\dissectors\telnet\telnet.c" - line 448

Code:
hdep.pktlim = TELNET_PKT_LIMIT;

should be...
Code:
TELNET_PKT_CHECK


Thu Feb 16, 2012 4:29 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Bug in 0.7.1 Source ?
Hi,
no, this is not a bug.
TELNET_PKT_LIMIT (i.e. hdep.pktlim) is the maximal number of packets within which the module (telnet) can recognize its protocol (i.e. the telnet protocol). Beyond that, Xplico's core does not give the module the opportunity to analyze the (single) flow not yet classified (recognized).
That parameter is used to not load the CPU unnecessarily.

TELNET_PKT_CHECK is the number of (real) telnet packets that classify a (not yet classified/recognized) flow as telnet protocol.

Ciao.
Gianluca


Thu Feb 16, 2012 9:03 pm
Profile WWW
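The two thresholds described in the reply above, sketched as a small classifier. This is an added example, not code from Xplico or from either poster. The constant values, the `looks_like_telnet` heuristic, the type and function names, and the sample flows are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed values; the thread does not state Xplico's real ones. */
#define PKT_LIMIT 10 /* packets the core offers an unclassified flow */
#define PKT_CHECK 3  /* telnet-looking packets needed to classify */

enum verdict { FLOW_UNDECIDED, FLOW_TELNET, FLOW_GIVEN_UP };
struct flow_state { unsigned seen, matched; enum verdict v; };

/* Hypothetical check: IAC (0xFF) + WILL/WONT/DO/DONT (251..254) + option. */
static int looks_like_telnet(const uint8_t *p, size_t len)
{
    return len >= 3 && p[0] == 0xFF && p[1] >= 251 && p[1] <= 254;
}

/* Feed one packet of a not-yet-classified flow; returns the verdict. */
enum verdict flow_feed(struct flow_state *f, const uint8_t *p, size_t len)
{
    if (f->v != FLOW_UNDECIDED)
        return f->v;              /* verdict is final: no further work */
    f->seen++;
    if (looks_like_telnet(p, len) && ++f->matched >= PKT_CHECK)
        f->v = FLOW_TELNET;
    else if (f->seen >= PKT_LIMIT)
        f->v = FLOW_GIVEN_UP;     /* limit hit: stop spending CPU here */
    return f->v;
}

/* Run n constructed 3-byte payloads through the classifier. */
enum verdict classify(const uint8_t (*pkts)[3], size_t n)
{
    struct flow_state f = { 0, 0, FLOW_UNDECIDED };
    for (size_t i = 0; i < n; i++)
        flow_feed(&f, pkts[i], 3);
    return f.v;
}

/* Constructed flows: early negotiation vs. negotiation after 10 other packets. */
static const uint8_t EARLY[4][3] = {
    {0xFF, 0xFD, 0x18}, {'a', 'b', 'c'}, {0xFF, 0xFB, 0x01}, {0xFF, 0xFD, 0x03} };
static const uint8_t LATE[13][3] = {
    [10] = {0xFF, 0xFD, 0x18}, [11] = {0xFF, 0xFB, 0x01}, [12] = {0xFF, 0xFD, 0x03} };

int main(void)
{
    /* exit 0 when EARLY is classified and LATE is abandoned at the limit */
    return !(classify(EARLY, 4) == FLOW_TELNET && classify(LATE, 13) == FLOW_GIVEN_UP);
}
```

Setting the limit equal to the check count would leave a flow no room for non-matching packets before the third match.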

Joined: Thu Feb 02, 2012 3:25 pm
Posts: 26
Post Re: Bug in 0.7.1 Source ?
My mistake.


Fri Feb 17, 2012 7:13 pm
Profile