[Bro-Dev] Plugin branch status
Siwek, Jonathan Luke
jsiwek at illinois.edu
Mon Jun 3 09:39:49 PDT 2013
On Jun 2, 2013, at 10:18 PM, Robin Sommer <robin at icir.org> wrote:
> core.tunnels.teredo-known-services … failed
There's a subtle change to the test in this branch: it no longer does `bro -b`. The reason that ends up mattering for the test is that the pcap has a connection for which both Teredo and DNS analyzers get attached, and the Teredo analyzer does this thing where it won't emit a protocol_confirmation if some other analyzer on the same connection has already. When doing `bro -b`, the DNS analyzer doesn't get attached since the associated scripts aren't loaded, but the Teredo analyzer does since it has a signature that matches, and so it will emit a protocol_confirmation, which causes the known_services.log.
> From the test description I'm not sure if known_services.log can
> legitimately be missing in the 2nd case.
Seems fine. Or you can add the -b back.