[Bro-Dev] BiF parsing index types
Seth Hall
seth at icir.org
Tue May 24 08:28:20 PDT 2011
On May 23, 2011, at 2:01 PM, Vern Paxson wrote:
> No, it shouldn't. I suspect the problem is that nb_dns is returning an
> internal error and the caller lacks enough specifics to understand whether
> it represents something fatal or just means "forget about the current
> lookup".
I suppose the more direct question is, are there any times where values returned from nb_dns_activity being less than 0 would represent a fatal error?
Offhand I can't think of any unless that same code path is used when doing remote Bro connections. Any other time (I think) it would represent some sort of analysis-based lookup in which I would rather Bro keeps running than completely failing.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list