[Bro] non-void function returns without a value
Johanna Amann
johanna at icir.org
Mon Jun 20 09:01:48 PDT 2016
You need to check if rec$query is defined before accessing it; otherwise
the function will just abort if query is not set without returning
anything.
So

    if (rec?$query && "microsoft.com" in rec$query)
        return F;
    return T;

as a function body instead of what you are using should probably work.
Johanna
On Mon, Jun 20, 2016 at 03:13:10PM +0000, Obndnar smith wrote:
> We're using the following script to white list DNS requests. In the
> reporter.log we are getting the following error multiple times every
> millisecond. Anyone know what we're doing wrong? Can bad scripts cause
> the logs to fail to rotate correctly?
>
> Jun 20 10:58:05 Reporter::ERROR field value missing [FILTER::rec$query]
> /usr/local/bro/spool/installed-scripts-do-not-touch/site/mysite/dns-filter.bro,
> line 13
> Jun 20 10:58:05 Reporter::WARNING non-void function returns without a
> value: FILTER::filter_pred (empty)
>
> module FILTER;
>
> function filter_pred (rec: DNS::Info) : bool
> {
>     if("microsoft.com" in rec$query)
>         return F;
>     return T;
> }
>
> event bro_init()
> {
>     Log::remove_default_filter(DNS::LOG);
>     Log::add_filter(DNS::LOG, [$name="dns-filter",
>                                $path="dns",
>                                $exclude=set("trans_id", "qclass",
>                                    "qclass_name", "qtype", "rcode", "rcode_name", "QR", "AA", "TC", "RD",
>                                    "RA", "Z", "TLLs", "rejected"),
>                                $pred=filter_pred]);
> }
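The guarded predicate from the reply, written out as a complete filter script. This is an added example, not code from either poster. It goes one step beyond the thread: because `in` on two strings is a substring test, it compares the whole query name against a pattern instead. The name `quiet_domains` is an assumption made for illustration, and the `$exclude` list from the original script is left out for brevity.

```bro
module FILTER;

# Hypothetical allowlist (assumption): the domain itself or any subdomain.
const quiet_domains = /(.*\.)?microsoft\.com/ &redef;

function filter_pred(rec: DNS::Info): bool
    {
    # query is an &optional field. Reading it while unset raises
    # "field value missing" and aborts the function before any return,
    # which is what produced the two reporter.log messages.
    if ( ! rec?$query )
        return T;    # keep logging records that carry no query

    # == against a pattern is an exact match on the whole string, so a
    # name such as "microsoft.com.example.net" is still logged, whereas
    # the substring test ("microsoft.com" in rec$query) would drop it.
    if ( quiet_domains == to_lower(rec$query) )
        return F;

    return T;
    }

event bro_init()
    {
    Log::remove_default_filter(DNS::LOG);
    # Field exclusions from the original script would be passed here
    # via $exclude, exactly as in the post.
    Log::add_filter(DNS::LOG, [$name="dns-filter",
                               $path="dns",
                               $pred=filter_pred]);
    }
```

Every code path in the predicate now ends in a return, so the "non-void function returns without a value" warning cannot recur.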