[Bro-Dev] #816: Reworked PacketFilter framework

Bro Tracker bro at tracker.bro-ids.org
Fri May 4 20:58:11 PDT 2012


#816: Reworked PacketFilter framework
----------------------------+------------------------
  Reporter:  seth           |      Owner:
      Type:  Merge Request  |     Status:  new
  Priority:  Normal         |  Milestone:  Bro2.1
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:
----------------------------+------------------------

Comment (by robin):

 This has problems, I see plenty differences with bro-testing-private and
 also one with bro-testing. It looks like the direction of connections
 isn't figured out correctly in some cases, I'm guessing because
 something's wrong with the well-known port heuristic after the DPD
 changes.

 As a test case look at connection s2CEbUBeqfi in
 009-M57-day11-18.trace.gz. Direction changes after applying this.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/816#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list