[Bro] Bro Digest, Vol 28, Issue 2
Robin Sommer
robin at icir.org
Tue Aug 5 17:07:47 PDT 2008
On Tue, Aug 05, 2008 at 10:42 +0200, you wrote:
> without '/tcp' the signature works.
Ah, I see. That's a bug. Can you try the attached patch and see if
that solves the problem?
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
-------------- next part --------------
Index: RuleMatcher.cc
===================================================================
--- RuleMatcher.cc (revision 6040)
+++ RuleMatcher.cc (working copy)
@@ -1048,11 +1048,15 @@
MaskedValue* mval = new MaskedValue;
switch ( v->Type()->Tag() ) {
+ case TYPE_PORT:
+ mval->val = v->AsPortVal()->Port();
+ mval->mask = 0xffffffff;
+ break;
+
case TYPE_BOOL:
case TYPE_COUNT:
case TYPE_ENUM:
case TYPE_INT:
- case TYPE_PORT:
mval->val = v->CoerceToUnsigned();
mval->mask = 0xffffffff;
break;
More information about the Bro
mailing list