[Bro-Dev] [JIRA] (BIT-1159) count/port comparisons silently fail when part of a record

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Thu Mar 20 04:26:44 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15813#comment-15813 ] 

Robin Sommer commented on BIT-1159:
-----------------------------------




Yeah, I'm afraid it is ... That has indeed been a legitimate shortcut
since Bro's early versions. However, I wouldn't veto removing it; it
does indeed make some code parts quite a bit more complex, and I don't
think it's a crucial feature to have and rarely used anyways.




> count/port comparisons silently fail when part of a record
> ----------------------------------------------------------
>
>                 Key: BIT-1159
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1159
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.2
>            Reporter: Justin Azoff
>            Assignee: Jon Siwek
>            Priority: Low
>              Labels: language
>
> If you try to compare a count to a port directly, you get the following:
> {code}
> operands must be of the same type (1500/tcp < 2000)
> {code}
> but if you have a record, and mixup the types like so, it silently fails:
> {code}
> type PortRange: record {
>     min: port &default=1/tcp;
>     max: port &default=65535/tcp;
> };
> global pr = PortRange($min=1000,$max=2000);
> #CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
> event bro_init()
> {
>     print (pr$min <= 1500/tcp  && 1500/tcp < pr$max) ? "OK" : "NOTOK";
> }
> {code}
> {code}
> $ bro a.bro
> NOTOK
> {code}



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list