[Bro-Dev] patterns and &&/|| vs. &/| operators

Johanna Amann johanna at icir.org
Thu Jun 21 15:35:33 PDT 2018

> If there actually is no (longer) problems with concatenating patterns
> at run-time, I'd agree to deprecate.
> I'm imagine it existed because there was such a problem with
> dynamically creating patterns at run-time, but don't know/remember
> what it was.

Now that you mention it - yes, there still is a problem as far as I know.
https://bro-tracker.atlassian.net/browse/BIT-328 seems to be the
relevant ticket.

This probably means that we will either have to limit p1 & p2 to only be
allowed when Bro is not processing traffic yet too - or fix the cleanup of
the DFA data structures.


