[Bro-Dev] DNS script bug?
Matt Thompson
mthompson at hexwave.com
Sun Nov 25 12:49:52 PST 2012
I think I figured it out.

    if ( ! c$dns?$total_answers )
        c$dns$total_answers = msg$num_answers;

That sets total_answers if the total_answers field does not exist (?$).
It does exist with a default of 0, so the field was never set. Removing
this if statement results in c$dns$ready becoming true.

I noticed this because the following wasn't working in my local scripts:

    event DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string) &priority=4
        {
        if ( c$dns$ready )
            {
            print "DNS!";
            }
        }

Cheers,
Matt
On 11/25/2012 02:27 PM, Matt Thompson wrote:
> I'm working from latest git. It seems that dns.bro is only logging to
> the DNS log on connection_state_remove().
>
> dns$ready is never set to T .. what is the following if supposed to be
> doing? dns$total_answers == 0 here.
>
>     if ( c$dns?$answers && c$dns?$total_answers &&
>          |c$dns$answers| == c$dns$total_answers )
>         {
>         add c$dns_state$finished_answers[c$dns$trans_id];
>         # Indicate this request/reply pair is ready to be logged.
>         c$dns$ready = T;
>         }
>     }
>
> Cheers,
> Matt
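
The guard discussed in this thread, as an added example that is not part of the original message or of dns.bro: the same `?$` guard and readiness check are run against two constructed record types that differ only in how total_answers is declared. The type names InfoDefault and InfoOptional, the &default/&optional declarations, and the num_answers value are assumptions made for illustration.

```bro
# Added example, not code from dns.bro. Run with: bro example.bro
# (newer Zeek releases name the startup event zeek_init instead of bro_init).

# Constructed type: total_answers carries a default, so the field is
# populated as soon as the record is created.
type InfoDefault: record {
	answers:       vector of string &optional;
	total_answers: count &default=0;
	ready:         bool &default=F;
};

# Constructed type: total_answers is optional, so it stays unset until
# something assigns it.
type InfoOptional: record {
	answers:       vector of string &optional;
	total_answers: count &optional;
	ready:         bool &default=F;
};

event bro_init()
	{
	local num_answers = 2;   # constructed stand-in for msg$num_answers
	local d: InfoDefault;
	local o: InfoOptional;

	# The guard from the thread: assign only if the field is not set yet.
	if ( ! d?$total_answers )
		d$total_answers = num_answers;
	if ( ! o?$total_answers )
		o$total_answers = num_answers;

	# Constructed answers (documentation address range).
	d$answers = vector("192.0.2.1", "192.0.2.2");
	o$answers = vector("192.0.2.1", "192.0.2.2");

	# The readiness check from the quoted message.
	if ( d?$answers && d?$total_answers && |d$answers| == d$total_answers )
		d$ready = T;
	if ( o?$answers && o?$total_answers && |o$answers| == o$total_answers )
		o$ready = T;

	print fmt("&default:  total_answers=%d ready=%s", d$total_answers, d$ready);
	print fmt("&optional: total_answers=%d ready=%s", o$total_answers, o$ready);
	}
```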