[Bro-Dev] [JIRA] (BIT-1503) vlan-logging.bro assumes c$conn exists

Daniel Thayer (JIRA) jira at bro-tracker.atlassian.net
Wed Nov 4 10:37:00 PST 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22804#comment-22804 ] 

Daniel Thayer commented on BIT-1503:

Rather than adding a c?$conn condition (which could prevent the vlan info from
being logged), you could just remove the &priority attribute on the event handler.
This would ensure that the "conn" field is initialized before the vlan info is added.

> vlan-logging.bro assumes c$conn exists
> --------------------------------------
>                 Key: BIT-1503
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1503
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro
>    Affects Versions: git/master
>         Environment: git/master, CentOS 7, vlan tagged pcap.
>            Reporter: dop
>              Labels: vlan
> policy/protocols/conn/vlan-logging.bro
> When testing against random pcaps you'll get tons of errors like:
> 1446562801.530502 expression error in /usr/local/bro/share/bro/policy/protocols/conn/vlan-logging.bro, line 21: field value missing [Conn::c$conn]
> Adding a c?$conn condition removes that annoyance.
> -Dop

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list