[Bro-Dev] #829: terminate called after throwing an instance of 'std::logic_error'

Bro Tracker bro at tracker.bro-ids.org
Wed Jun 13 09:02:35 PDT 2012 

#829: terminate called after throwing an instance of 'std::logic_error'
-----------------------------+------------------------
  Reporter:  Tyler.Schoenke  |      Owner:
      Type:  Merge Request   |     Status:  new
  Priority:  Normal          |  Milestone:  Bro2.1
 Component:  Bro             |    Version:  git/master
Resolution:                  |   Keywords:
-----------------------------+------------------------

Comment (by Tyler.Schoenke):

 Replying to [comment:11 jsiwek]:
 > I don't think so.  Just curious, what was Bro's `snaplen` setting?  (and
 to clarify, I meant that if it differed from the default 8192, to use that
 value with tcpdump).

 Bro's snaplen was 8192.  I guess it didn't matter.

 > But maybe better is to just have Bro itself be dumping the packets as it
 sees them, e.g.:
 >
 > {{{
 > bro -w test.pcap -i eth0 record_all_packets=T
 > }}}
 >
 > And then see if rerunning on that test.pcap after it crashes can
 reproduce it.

 How is this for weird?

 {{{
 root at browrk3:~/test# bro -w test.pcap -i eth1 record_all_packets=T
 <params>, line 1: listening on eth1, capture length 8192 bytes

 1339603109.086308 internal error in <params>, line 1: unexpected IP proto
 in ICMP analyzer
 Aborted (core dumped)
 root at browrk3:~/test# ls -l
 total 179704
 -rw-r--r-- 1 root root      3780 2012-06-13 09:58 conn.log
 -rw------- 1 root root 156737536 2012-06-13 09:58 core
 -rw-r--r-- 1 root root         0 2012-06-13 09:58 debug.log
 -rw-r--r-- 1 root root     89776 2012-06-13 09:58 dns.log
 -rw-r--r-- 1 root root      2742 2012-06-13 09:58 dpd.log
 -rw-r--r-- 1 root root     96979 2012-06-13 09:58 http.log
 -rw-r--r-- 1 root root      1176 2012-06-13 09:58 notice.log
 -rw-r--r-- 1 root root      1075 2012-06-13 09:58 notice_policy.log
 -rw-r--r-- 1 root root       198 2012-06-13 09:58 packet_filter.log
 -rw-r--r-- 1 root root       499 2012-06-13 09:58 smtp_entities.log
 -rw-r--r-- 1 root root      1033 2012-06-13 09:58 smtp.log
 -rw-r--r-- 1 root root     24981 2012-06-13 09:58 ssl.log
 -rw-r--r-- 1 root root       460 2012-06-13 09:58 syslog.log
 -rw-r--r-- 1 root root 128022520 2012-06-13 09:58 test.pcap
 -rw-r--r-- 1 root root     81166 2012-06-13 09:58 weird.log
 root at browrk3:~/test# bro -r test.pcap
 root at browrk3:~/test# echo $?
 0
 }}}

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/829#comment:12>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list