[Bro-Dev] #411: Non-binpac analyzer generates incorrect weird

Bro Tracker bro at tracker.bro-ids.org
Mon Aug 22 08:29:53 PDT 2011

#411: Non-binpac analyzer generates incorrect weird
  Reporter:  seth     |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  High     |  Milestone:  Bro1.6
 Component:  Bro      |    Version:
Resolution:           |   Keywords:

Comment (by seth):

 > You might want to check that the first of the two replies is indeed a
 > reply. All of them are considered temporary. Which reminds me, you might
 > want to check whether the script level handles these 1xx replies
 > correctly. IIRC, a while ago the script layer would finish the request-
 > reply pair when it saw a 1xx reply and then got (silently) confused when
 > the final reply for the request came in.

 Yep, my plan was to deal with this completely in the scripts and you're
 right, the scripts don't currently account for this.  Since the 1xx
 responses do not impact further parsing of the HTTP protocol it doesn't
 make sense to me to try and handle them specially within the core.

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/411#comment:6>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
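
Added example, not part of the original message and not Bro's own script or core code: a Python sketch of the request/reply pairing problem discussed above, with the pairing that closes on any reply beside one that keeps the pair open across 1xx replies. The event tuples, function names and sample trace are assumptions constructed for illustration.

```python
from collections import deque

def pair_naive(events):
    """Pairing as described in the thread: any reply, 1xx included, closes the request."""
    pending, pairs, unmatched = deque(), [], []
    for kind, value in events:
        if kind == "request":
            pending.append(value)
        elif pending:
            pairs.append((pending.popleft(), value))
        else:
            unmatched.append(value)  # reply arrives with no open request
    return pairs, unmatched

def pair_interim_aware(events):
    """1xx replies are noted on the oldest open request but do not close it.

    Assumption: every 1xx is treated as interim, as the quoted comment states.
    """
    pending, pairs, unmatched = deque(), [], []
    for kind, value in events:
        if kind == "request":
            pending.append((value, []))
        elif not pending:
            unmatched.append(value)
        elif 100 <= value <= 199:
            pending[0][1].append(value)  # interim reply: pair stays open
        else:
            request, interim = pending.popleft()
            pairs.append((request, interim, value))
    return pairs, unmatched

# Constructed trace: an upload answered with 100 before its final 201,
# followed by a second request on the same connection.
SAMPLE = [
    ("request", "PUT /upload"),
    ("reply", 100),
    ("request", "GET /status"),
    ("reply", 201),
    ("reply", 200),
]

if __name__ == "__main__":
    # Naive pairing logs 201 against GET /status and leaves 200 unmatched.
    print("naive:        ", pair_naive(SAMPLE))
    print("interim-aware:", pair_interim_aware(SAMPLE))
```

With the naive pairing, every status code after the 1xx reply is attributed to the wrong request, which is the silent confusion the quoted comment describes and the kind of error that corrupts HTTP logs used for detection.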
