[Bro-Dev] [JIRA] (BIT-1159) count/port comparisons silently fail when part of a record
Justin Azoff (JIRA)
jira at bro-tracker.atlassian.net
Fri Mar 14 16:08:18 PDT 2014
Justin Azoff created BIT-1159:
---------------------------------
Summary: count/port comparisons silently fail when part of a record
Key: BIT-1159
URL: https://bro-tracker.atlassian.net/browse/BIT-1159
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.2, git/master
Reporter: Justin Azoff
Priority: Low
If you try to compare a count to a port directly, you get the following:
{code}
operands must be of the same type (1500/tcp < 2000)
{code}
but if you have a record, and mixup the types like so, it silently fails:
{code}
type PortRange: record {
min: port &default=1/tcp;
max: port &default=65535/tcp;
};
global pr = PortRange($min=1000,$max=2000);
#CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
event bro_init()
{
print (pr$min <= 1500/tcp && 1500/tcp < pr$max) ? "OK" : "NOTOK";
}
{code}
{code}
$ bro a.bro
NOTOK
{code}
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
More information about the bro-dev
mailing list