[Bro] internal error: unknown msg type 101 in Poll()
Seth Hall
hall.692 at osu.edu
Sat Feb 20 10:48:02 PST 2010
On Feb 20, 2010, at 10:17 AM, Sean McCreary wrote:
> I have been seeing several crashes per day due to 'internal error:
> unknown msg type 101 in Poll()' in the manager process of a bro
> cluster
> handling ~2.5 Gb/s of traffic. Here is a typical stack trace:
Try two things.
1. Apply this patch...
http://tracker.icir.org/bro/ticket/220#comment:13
2. Add the following to your local.bro script:
redef notice_action_filters += {
[Weird::ContentGap] = ignore_notice,
[Weird::AckAboveHole] = ignore_notice,
};
redef suppress_notice_actions += {
Weird::ContentGap,
Weird::AckAboveHole,
};
Hopefully those will help. There are bugs buried deeper in some of
that code, but those two changes should help to mitigate them on
cluster deployments.
Let me know how it goes.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list