net specification in bro
vern at ee.lbl.gov
Thu Nov 16 00:56:21 PST 2000
> I downloaded and installed bro 0.6 without problems, apart from some
> minor changes required in Makefile.in and Rlogin.h.
(These are fixed for 0.7, by the way.)
> I noticed, however, that this version of bro still validates values
> of type 'net' according to the outdated 'class A/B/C/D' convention.
Yes, sorry about that. This isn't fixed for 0.7, either (since the sites
at which I run Bro don't happen to need this, and I'm short of cycles),
except there are some uses of mask_addr() that let you use /24's for
particular networks that Bro looks at. You can get a pre-release snapshot
by the way.
The general solution requires adding CIDR prefixes to Bro, which is tricky
because they have to work efficiently when used as table/set indices.
It's that difficulty that's made it expensive for me to add this, absent
a need to do so in my daytime job.
> In addition, I'd like to know whether bro developers have planned
> to extend bro language with a type 'interval of IP addresses'.
I hadn't considered this - do you need something different from what you
could achieve if Bro supported /n prefixes?
More information about the Bro