[Bro-Dev] #829: terminate called after throwing an instance of 'std::logic_error'
Bro Tracker
bro at tracker.bro-ids.org
Fri Jun 15 14:36:07 PDT 2012
#829: terminate called after throwing an instance of 'std::logic_error'
-----------------------------+------------------------
Reporter: Tyler.Schoenke | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
-----------------------------+------------------------
Comment (by Tyler.Schoenke):
Replying to [comment:16 jsiwek]:
> Replying to [comment:14 Tyler.Schoenke]:
> They're stored in network-byte order. If you reverse the octets in the
dotted-quads you gave, I think it looks reasonable.
That makes sense. I typically don't dig into the code this much, so I
suspected that I was wrong with my analysis.
> > On a different run, I had this for ICMP type and code, which look out
of range.
>
> Yeah, that's probably because the packet isn't actually ICMP/ICMPv6, but
rather TCP or UDP packets are getting in there somehow (protocol numbers 6
and 17).
I thought it was a bit strange tcp and upd protocols were showing up in
the icmp analyzer, but didn't understand enough about the code to know if
that was normal or not.
> Replying to [comment:15 grigorescu]:
> Thanks, I'll try to reproduce it on that OS and see if there's something
more that needs to be done, but if that version of libpcap, when reading
live, was replacing the packet buffer out from under us in between the
time the packet is first seen and when it gets delivered to the ICMP
analyzer, that could explain what's going on.
I think I was using libpcap 0.8. As I mentioned, the upgrade to 1.2.1 got
rid of the error and crashing.
Thanks,
Tyler
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/829#comment:18>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list