From giani at di.unipi.it Wed Nov 15 02:06:46 2000 From: giani at di.unipi.it (Antonella Giani) Date: Wed, 15 Nov 2000 11:06:46 +0100 (CET) Subject: net specification in bro Message-ID: I downloaded and installed bro 0.6 without problems, apart from some minor changes required in Makefile.in and Rlogin.h. I noticed, however, that this version of bro still validates values of type 'net' according to the outdated 'class A/B/C/D' convention. This is a problem for us, because our local network includes two non contiguous nets /24 with addresses belonging to 'old' class B. Before modifying bro source code, I ask to this list whether bro developers have already updated the code to meet more recent conventions (e.g. CIDR format). In addition, I'd like to know whether bro developers have planned to extend bro language with a type 'interval of IP addresses'. Thank you, Antonella Antonella Giani Dipartimento di Informatica - Corso Italia 40, 56125 Pisa (Italy) Tel: +39-050-887228 Fax: +39-050-887226 web: http://www.di.unipi.it/~giani/giani.html From vern at ee.lbl.gov Thu Nov 16 00:56:21 2000 From: vern at ee.lbl.gov (Vern Paxson) Date: Thu, 16 Nov 2000 00:56:21 PST Subject: net specification in bro In-Reply-To: Your message of Wed, 15 Nov 2000 11:06:46 +0100. Message-ID: <200011160856.eAG8uLo24279@daffy.ee.lbl.gov> > I downloaded and installed bro 0.6 without problems, apart from some > minor changes required in Makefile.in and Rlogin.h. (These are fixed for 0.7, by the way.) > I noticed, however, that this version of bro still validates values > of type 'net' according to the outdated 'class A/B/C/D' convention. Yes, sorry about that. This isn't fixed for 0.7, either (since the sites at which I run Bro don't happen to need this, and I'm short of cycles), except there are some uses of mask_addr() that let you use /24's for particular networks that Bro looks at. You can get a pre-release snapshot from: ftp://ftp.ee.lbl.gov/.vp-bro-pub-0.7a48.tar.gz by the way. The general solution requires adding CIDR prefixes to Bro, which is tricky because they have to work efficiently when used as table/set indices. It's that difficulty that's made it expensive for me to add this, absent a need to do so in my daytime job. > In addition, I'd like to know whether bro developers have planned > to extend bro language with a type 'interval of IP addresses'. I hadn't considered this - do you need something different from what you could achieve if Bro supported /n prefixes? Vern From giani at di.unipi.it Fri Nov 17 01:18:18 2000 From: giani at di.unipi.it (Antonella Giani) Date: Fri, 17 Nov 2000 10:18:18 +0100 (CET) Subject: net specification in bro In-Reply-To: <200011160856.eAG8uLo24279@daffy.ee.lbl.gov> Message-ID: > Yes, sorry about that. This isn't fixed for 0.7, either > [...] > The general solution requires adding CIDR prefixes to Bro, which is > tricky because they have to work efficiently when used as table/set > indices. We are planning to fix it, because we are quite interested in Bro and we are going to use it a lot. I'll post any result to this list, so if you are interested you can consider including it into future versions. > > In addition, I'd like to know whether bro developers have planned > > to extend bro language with a type 'interval of IP addresses'. > > I hadn't considered this - do you need something different from what you > could achieve if Bro supported /n prefixes? Yes, I mean something more general: a way to specify IP ranges that cannot be specified through net masks such as /n, e.g. 192.168.34.12-23 Antonella Antonella Giani Dipartimento di Informatica - Corso Italia 40, 56125 Pisa (Italy) Tel: +39-050-887228 Fax: +39-050-887226 web: http://www.di.unipi.it/~giani/giani.html From vern at ee.lbl.gov Mon Nov 20 01:37:43 2000 From: vern at ee.lbl.gov (Vern Paxson) Date: Mon, 20 Nov 2000 01:37:43 PST Subject: net specification in bro In-Reply-To: Your message of Fri, 17 Nov 2000 10:18:18 PST. Message-ID: <200011200937.eAK9bhn07011@daffy.ee.lbl.gov> > We are planning to fix it, because we are quite interested in Bro and we > are going to use it a lot. I'll post any result to this list, so if you are > interested you can consider including it into future versions. Great, I'm very interested in picking up fixes such as these. > > I hadn't considered this - do you need something different from what you > > could achieve if Bro supported /n prefixes? > > Yes, I mean something more general: a way to specify IP ranges that cannot > be specified through net masks such as /n, e.g. 192.168.34.12-23 That sounds good. Vern