[Bro-Dev] #830: topic/tunnels
Bro Tracker
bro at tracker.bro-ids.org
Mon Jun 18 15:34:19 PDT 2012
#830: topic/tunnels
---------------------+------------------------
Reporter: jsiwek | Owner: jsiwek
Type: Task | Status: assigned
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
---------------------+------------------------
Comment (by jsiwek):
I addressed all your suggestions in [comment:9 comment 9] in `topic/jsiwek
/tunnels-merge` that you can take a look at. Probably the conn.log
baselines in `bro-testing` and `bro-testing-private` need updating again
since I changed the "parents" field to be named "tunnel_parents". This
one I thought might need more explanation than just looking at the code
diffs:
> - tunnel/main.bro: tunnel_changed() event: there's something here I
don't
> understand. Shouldn't c$tunnel already be registered?
Yes, c$tunnel should have already been registered, so that was redundant
to have in the tunnel/main.bro handler.
> what if a layer goes away, does that need to be removed
> here? Or is that done separately?
The handler in conn/main.bro keeps track of the current encapsulation
stack by setting c$tunnel. Doing that works for all cases where
tunnel_changed happens: a layer gets added, a layer gets removed, or a
layer changed.
> Also, conn/main.bro has a
> tunnel_changed handler at the same priority that *sets*
> c$tunnel. That's seems undefined behaviour.
I think that concern goes away now that the handler in tunnel/main.bro
doesn't inspect c$tunnel at all anymore. Let me know if not.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/830#comment:18>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list