[Bro-Dev] [JIRA] (BIT-903) -b turns off -f
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Thu Nov 7 07:38:31 PST 2013
[ https://bro-tracker.atlassian.net/browse/BIT-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14608#comment-14608 ]
Seth Hall commented on BIT-903:
-------------------------------
This issue begs a couple of questions.
Should Bro scripts have access to command line arguments? If they did, we could have a script that monitors for the flag being given and complaining if the PacketFilter framework isn't loaded.
Should we always load the PacketFilter framework? (I don't think we should).
> -b turns off -f
> ---------------
>
> Key: BIT-903
> URL: https://bro-tracker.atlassian.net/browse/BIT-903
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Vern Paxson
> Fix For: 2.3
>
> Attachments: single-tcp-conn-est.trace
>
>
> Running with \-b (bare bones) disables processing by \-f. Boy did this take me a long time to figure out :-(.
> Reproduce using the appended trace. Invoking with *-e 'event connection_established(c:connection) \{ print "yep"; }*' will print "yep". Invoking with that plus *-f 'not tcp*' won't print anything. But invoking with *-f 'not tcp' \-b* _does_ print "yep".
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
More information about the bro-dev
mailing list