[Bro-Dev] #829: terminate called after throwing an instance of 'std::logic_error'

[Bro Tracker]

#829: terminate called after throwing an instance of 'std::logic_error'
-----------------------------+------------------------
  Reporter:  Tyler.Schoenke  |      Owner:
      Type:  Merge Request   |     Status:  new
  Priority:  Normal          |  Milestone:  Bro2.1
 Component:  Bro             |    Version:  git/master
Resolution:                  |   Keywords:
-----------------------------+------------------------

Comment (by jsiwek):

 Replying to [comment:14 Tyler.Schoenke]:
 > From the debugger, I seem to be getting some garbage data in the
 packets.  Neither IP addresses is in our address space.

 They're stored in network-byte order.  If you reverse the octets in the
 dotted-quads you gave, I think it looks reasonable.

 > On a different run, I had this for ICMP type and code, which look out of
 range.

 Yeah, that's probably because the packet isn't actually ICMP/ICMPv6, but
 rather TCP or UDP packets are getting in there somehow (protocol numbers 6
 and 17).

 Replying to [comment:15 grigorescu]:
 > I removed the libpcap that came with Ubuntu 10.04,installed
 libpcap-1.2.1.tar.gz from http://www.tcpdump.org/#latest-release , and the
 problem went away for me.

 Thanks, I'll try to reproduce it on that OS and see if there's something
 more that needs to be done, but if that version of libpcap, when reading
 live, was replacing the packet buffer out from under us in between the
 time the packet is first seen and when it gets delivered to the ICMP
 analyzer, that could explain what's going on.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/829#comment:16>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker