[Bro] Filtering PacketFilter::Dropped_Packets

Will baxterw3232 at gmail.com
Tue Apr 17 14:33:25 PDT 2012


On Tue, Apr 17, 2012 at 11:19 AM, Seth Hall <seth at icir.org> wrote:
>
> On Apr 17, 2012, at 9:41 AM, Martin Holste wrote:
>
>> Looks like Will's method is working.  Thanks much!
>
>
> Everything implemented internally should make this work.  There is one thing I'm wondering though.  In any of your scripts you're running locally, are you doing…
>
> redef Notice::policy = { … };
>
> Instead of…
>
> redef Notice::policy += { … };

Yes, all mine are just like the example above, "+=", so I assume I was
just appending another action to the table.

Maybe not a bug then?

If I do a full re-assignment "=" instead, I wouldn't have multiple
actions assigned to the notice?

>
> It's a small difference, but causes a big change because those shortcuts (like ignored_types) are basically just pre-implemented notice policy items which you are blowing away if you do full set assignment instead of adding items to the set.  I'll start trying to think of a way to make that more resilient to this too.  This fragility is the one thing I don't like about those pre-implemented policy items.
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
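
A check for the pitfall discussed in this thread, as an added example that is not part of the original messages: this Python sketch flags places where a local script fully assigns `Notice::policy` ("=") instead of appending to it ("+="). The sample script text is constructed, and the names `strip_comment` and `find_policy_overwrites` are hypothetical.

```python
import re

# Full assignment to Notice::policy; "+=" / "-=" and "==" do not match.
OVERWRITE = re.compile(r"\bredef\s+Notice::policy\s*=(?!=)")


def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside double-quoted strings."""
    in_str = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_str:
            i += 2          # skip the escaped character inside a string
            continue
        if ch == '"':
            in_str = not in_str
        elif ch == "#" and not in_str:
            return line[:i]
        i += 1
    return line


def find_policy_overwrites(script_text):
    """Return the 1-based line numbers where Notice::policy is fully reassigned.

    Comments are stripped first, then the whole text is searched so that a
    redef split across lines is still found.
    """
    code = "\n".join(strip_comment(l) for l in script_text.splitlines())
    return [code.count("\n", 0, m.start()) + 1 for m in OVERWRITE.finditer(code)]


# Constructed sample; the "{ ... }" bodies are elided as in the thread.
SAMPLE = """\
# redef Notice::policy = { ... };   (commented out, ignored)
redef Notice::ignored_types += { PacketFilter::Dropped_Packets };
redef Notice::policy += { ... };
redef Notice::policy
    = { ... };
redef Notice::policy = { ... };  # replaces every existing policy item
"""

if __name__ == "__main__":
    for lineno in find_policy_overwrites(SAMPLE):
        print("line %d: Notice::policy is reassigned, not appended to" % lineno)
```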



