Hey Ted What do you think the desired behavior should be for corrupt packets? Should Drill just ignore, or should we maybe create a Boolean field like isCorrupt or something and mark corrupt packets as such?
Sent from my iPhone > On Feb 7, 2019, at 11:45, Ted Dunning <[email protected]> wrote: > > Giovanni, > > A critical thing to help progress here is sample corrupted data. Even just > information about what kind of corruption you are seeing is important. > > Packet corruption is a key technique of malware so handling bad records > well is of great importance. > > > >> On Thu, Feb 7, 2019 at 3:54 PM GiovanniC <[email protected]> wrote: >> >> Unfortunately I don’t have more of them at the moment. >> >>> Il giorno 7 feb 2019, alle ore 14:33, Charles Givre <[email protected]> >> ha scritto: >>> >>> Hi Giovanni, >>> Can you post additional PCAP files that don’t work? Basically, I’m >> going to add some code that will let you set a tolerance level of how many >> errors Drill will tolerate before throwing an exception. >>> — C >>> >>>> On Feb 7, 2019, at 07:33, GiovanniC <[email protected]> wrote: >>>> >>>> I can help you by doing some test. >>>> >>>>> Il giorno 6 feb 2019, alle ore 18:46, Charles Givre <[email protected]> >> ha scritto: >>>>> >>>>> Just create a ticket and I will work on it. >>>>> >>>>> Sent from my iPhone >>>>> >>>>>> On Feb 6, 2019, at 12:35, Giovanni Conte <[email protected]> wrote: >>>>>> >>>>>> I would like to, but I am not a java dev :( >>>>>> >>>>>> Il giorno mer 6 feb 2019 alle ore 18:31 Arina Yelchiyeva < >>>>>> [email protected]> ha scritto: >>>>>> >>>>>>> Contributions are always welcome :) >>>>>>> >>>>>>> Kind regards, >>>>>>> Arina >>>>>>> >>>>>>>> On Wed, Feb 6, 2019 at 7:19 PM Charles Givre <[email protected]> >> wrote: >>>>>>>> >>>>>>>> Hi Giovanni >>>>>>>> I think it would be useful for Drill to have some ability to ignore >>>>>>>> corrupt rows in a PCAP file. Can you open a JIRA ticket for this? >>>>>>>> >>>>>>>> Sent from my iPhone >>>>>>>> >>>>>>>>> On Feb 6, 2019, at 12:15, Arina Yelchiyeva < >> [email protected] >>>>>>>> >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi Giovanni, >>>>>>>>> >>>>>>>>> I don't think Drill pcap format reader has such functionality. >>>>>>>>> >>>>>>>>> Kind regards, >>>>>>>>> Arina >>>>>>>>> >>>>>>>>>> On Wed, Feb 6, 2019 at 6:39 PM Giovanni Conte <[email protected]> >>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> I'm trying to query a pcap file and I know that there are >> corrupted >>>>>>> rows >>>>>>>>>> (precisely line 6407), >>>>>>>>>> I need a command to skip this rows to avoid the following error: >>>>>>>>>> >>>>>>>>>> Error: INTERNAL_ERROR ERROR: null >>>>>>>>>> Fragment 0:0 >>>>>>>>>> Please, refer to logs for more information. >>>>>>>>>> [Error Id: fe17f64d-4ac8-453f-b442-9bcf68c69c61 on ubuntu:31010] >>>>>>>>>> (state=,code=0) >>>>>>>>>> >>>>>>>>>> [...] >>>>>>>>>> >>>>>>>>>> the complete error is attached in the txt file ()for java >> exceptions, >>>>>>>>>> along with the pcap file used for testing this issue. I would >> like to >>>>>>>> avoid >>>>>>>>>> a pre-parsing of the pcap when a corrupted row is found. >>>>>>>>>> Is there a way to avoid this problem? >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Giovanni >>>>>>>>>> >>>>>>>>>> OS: Ubuntu 18.4 >>>>>>>>>> Drill version: 1.15.0 >>>>>>>>>> Java(TM) SE Runtime Environment (build 1.8.0_191-b12) >>>>>>>>>> >>>>>>>> >>>>>>> >>> >>
