[Bro-Dev] [JIRA] (BIT-1338) http response mime types uninitialized in file_over_new_connection event
Paul Pearce (JIRA)
jira at bro-tracker.atlassian.net
Tue Mar 10 20:50:02 PDT 2015
Paul Pearce created BIT-1338:
--------------------------------
Summary: http response mime types uninitialized in file_over_new_connection event
Key: BIT-1338
URL: https://bro-tracker.atlassian.net/browse/BIT-1338
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Paul Pearce
http resp_mime_types (accessed via: connection$http$resp_mime_types) are no longer initialized during the file_over_new_connection event. This is new behavior between Bro v2.3 and git/master.
The following snippet shows the new behavior on one of the included bro test traces.
{code:bash}
$ bro_v23 -e 'event file_over_new_connection(f: fa_file, c:connection, is_orig:bool){ print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace
T
$ bro_git -e 'event file_over_new_connection(f: fa_file, c:connection, is_orig:bool){ print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace
F
{code}
It's worth pointing out that ultimately the resp_mime_types field does get set for subsequent events.
{code:bash}
$ bro_v23 -e 'event http_message_done (c: connection, is_orig: bool, stat: http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace
T
$ bro_git -e 'event http_message_done (c: connection, is_orig: bool, stat: http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace
T
{code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
More information about the bro-dev
mailing list