[Bro] Load Balancers

Bill Jones bill.jones at syntervision.com
Sat Feb 6 13:02:57 PST 2010


Vern,

Wow, thanks for the quick response!  I am going to look deeper into
the causes, but this is exactly the type of short-term solution I was
looking for.  Much obliged.  I will be sure to report back if I have
any interesting findings.


Regards,
Bill


On Sat, Feb 6, 2010 at 3:52 PM, Vern Paxson <vern at icir.org> wrote:
>> Am I correct in assuming that the lack of initial connection
>> establishment is why the HTTP analysis is never occurring (and
>> therefore I'm not getting entries in http.log)?
>
> Yes.  The appended patch should cause the analyzer to function anyway.
>
>> Thanks for the response.  I do actually see a "Connection:
>> Keep-Alive\r\n" in the GET packet.  From this, can I assume that a
>> persistent connection is being held, thus the confusion by bro?
>
> That's doubtless what's happening.  (FYI, seeing that from the client side
> it's just a request, than necessarily imposed on the connection.  However,
> in the setup you describe, surely the server is accepting this, and hence
> the seemingly missing SYNs for later requests.)
>
>                Vern
>
>
> Index: src/HTTP.cc
> ===================================================================
> --- src/HTTP.cc (revision 6971)
> +++ src/HTTP.cc (working copy)
> @@ -753,7 +753,7 @@
>        AddSupportAnalyzer(content_line_orig);
>
>        content_line_resp = new ContentLine_Analyzer(conn, false);
> -       content_line_resp->SetSkipPartial(true);
> +       // content_line_resp->SetSkipPartial(true);
>        AddSupportAnalyzer(content_line_resp);
>        }
>
> @@ -794,8 +794,8 @@
>        {
>        TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig);
>
> -       if ( TCP() && TCP()->IsPartial() )
> -               return;
> +       // if ( TCP() && TCP()->IsPartial() )
> +       //      return;
>
>        const char* line = reinterpret_cast<const char*>(data);
>        const char* end_of_line = line + len;
>




More information about the Bro mailing list