[Bro] Notice suppression in beta

Lou RUPPERT himself at louruppert.com
Thu Nov 7 10:10:38 PST 2013


Hey,

I'm still having trouble suppressing SSL notices in 2.2. I have this
code, which should work:

--- snip ---
const safe_vendor_netblocks = { 192.168.0.0/16, 10.0.0.0/8, };

function suppress_ssl_notice(n: Notice::Info): bool
{
    # Vendors
    if (n$dst in safe_vendor_netblocks)
        return T;

    return F;
}

hook Notice::policy(n: Notice::Info) &priority=5
{
  if ( n$note == SSL::Invalid_Server_Cert && suppress_ssl_notice(n) )
    break;
}

--- snip ---

But still I see notices coming through with IPs in the netblocks
listed and with a note for SSL::Invalid_Server_Cert. Shouldn't a break
issued from a hook with a greater priority than the default process
prevent the notice from being logged?

-- 
I prefer encrypted email.  Get my key here:
http://www.louruppert.com/keys/115DCF62.asc
PGP Fingerprint: 3261 B9F9 9363 D512 56F8  12DD 127F 4D6A 115D CF62