[Bro-Dev] [JIRA] (BIT-1365) direction field of SSH::Info no longer populated

Justin Azoff (JIRA) jira at bro-tracker.atlassian.net
Sat Apr 18 21:14:02 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20322#comment-20322 ] 

Justin Azoff commented on BIT-1365:
-----------------------------------

Any reason why local-local couldn't be set to INTERNAL? and I suppose remote-remote set to EXTERNAL?

I think that if unset ends up meaning INTERNAL for most configurations, we should explicitly say that, and say EXTERNAL if that was not the case.  This would simplify things like searching and reporting.

(Now that I think of this, this applies to just about all the connection related log files, surprised that utils/site.bro doesn't have a helper for this)

> direction field of SSH::Info no longer populated
> ------------------------------------------------
>
>                 Key: BIT-1365
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1365
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Jon Siwek
>            Assignee: Vlad Grigorescu
>             Fix For: 2.4
>
>
> Here's the bug report:
> {quote}
> Reporter::ERROR	field value missing
> [SSH::c$ssh$direction]	/usr/local/bro/share/bro/policy/protocols/ssh/geo-da
> ta.bro, line 29
> Reporter::WARNING	non-void function returns without a value:
> SSH::get_location	(empty)
> Tracing this back, it looks like the SSH::c$ssh$direction is not being
> populated. I checked the /base/protocols/ssh/main.bro file and it looks
> like the function is missing.
> Looking at https://www.bro.org/sphinx/_downloads/main32.bro and
> https://github.com/bro/bro/blob/master/scripts/base/protocols/ssh/main.bro
> it looks like the function that determined the direction was removed at
> one point, which looks like it causes the
> /usr/local/bro/share/bro/policy/protocols/ssh/geo-data.bro script to fail
> {quote}



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)

More information about the bro-dev mailing list