[Bro-Dev] [JIRA] (BIT-1167) Add subnet support to intel framework

Vern Paxson (JIRA) jira at bro-tracker.atlassian.net
Thu Mar 27 20:17:39 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15905#comment-15905 ] 

Vern Paxson commented on BIT-1167:
----------------------------------

I don't know if this is the issue Robin had in mind, but one thing about subnets as table indexes is that they can overlap (two indices, one of which is a superset of the other), introducing ambiguity.

> Add subnet support to intel framework
> -------------------------------------
>
>                 Key: BIT-1167
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1167
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: 2.2
>            Reporter: Brian Little
>            Priority: Low
>              Labels: intel, subnet
>         Attachments: bro-intel-subnet.patch
>
>
> Here is a patch to add Intel::NET data as a type to search on. This allows adding whole subnets to the intel data rather than just individual addresses.
> I have also updated the btest.
> I'm not sure if the lookup is the best way of doing it - currently it loops through each subnet and then checks if the host is part of each. Is it possible to do it in a more efficient way?



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
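
The two points raised in this message, overlapping subnet indices and the per-subnet loop, shown together as an added example (not part of the original message or of bro-intel-subnet.patch, and written in Python rather than Bro script). The class and function names are hypothetical and the sample data is constructed; the lookup probes one dictionary per prefix length and returns every containing subnet, most specific first, so overlap is explicit rather than ambiguous.

```python
import ipaddress
from collections import defaultdict


class SubnetIntel:
    """Hypothetical store: intel items keyed by subnet, queried by host address."""

    def __init__(self):
        # (IP version, prefix length) -> {network address as int: (network, meta)}
        self._by_len = defaultdict(dict)

    def add(self, cidr, meta):
        net = ipaddress.ip_network(cidr, strict=False)
        key = (net.version, net.prefixlen)
        self._by_len[key][int(net.network_address)] = (net, meta)

    def matches(self, host):
        """Every stored subnet containing host, most specific first."""
        ip = ipaddress.ip_address(host)
        bits = ip.max_prefixlen
        hits = []
        # One dict probe per prefix length, not one containment test per subnet.
        for plen in range(bits, -1, -1):
            bucket = self._by_len.get((ip.version, plen))
            if bucket:
                mask = ((1 << plen) - 1) << (bits - plen)
                hit = bucket.get(int(ip) & mask)
                if hit:
                    hits.append(hit)
        return hits

    def best(self, host):
        """Longest-prefix match: the single most specific subnet, or None."""
        hits = self.matches(host)
        return hits[0] if hits else None


def build_sample():
    # Constructed sample data using documentation address ranges.
    intel = SubnetIntel()
    intel.add("192.0.2.0/24", "feed-A: broad range")
    intel.add("192.0.2.128/25", "feed-B: narrower range")
    intel.add("2001:db8::/32", "feed-C: v6 range")
    return intel


if __name__ == "__main__":
    for net, meta in build_sample().matches("192.0.2.200"):
        print(net, meta)
```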
