[Bro-Dev] Plugin branch status

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon Jun 3 09:39:49 PDT 2013

On Jun 2, 2013, at 10:18 PM, Robin Sommer <robin at icir.org> wrote:
> core.tunnels.teredo-known-services … failed

There's a subtle change to the test in this branch: it no longer does `bro -b`.  The reason that ends up mattering for the test is that the pcap has a connection for which both Teredo and DNS analyzers get attached, and the Teredo analyzer does this thing where it won't emit a protocol_confirmation if some other analyzer on the same connection has already.  When doing `bro -b`, the DNS analyzer doesn't get attached since the associated scripts aren't loaded, but the Teredo analyzer does since it has a signature that matches, and so it will emit a protocol_confirmation, which causes the known_services.log.

> From the test description I'm not sure if known_services.log can
> legitimately be missing in the 2nd case.

Seems fine.  Or you can add the -b back.

- Jon
