Bro currently misuses the any type to describe "handle" or "descriptor"
types. Consider for example the MD5 function family, which takes a state
object as first argument. At the scripting layer, it has no other
purpose than mapping to the corresponding MD5 state at the core. Users
don't use it otherwise. There exists no dedicated handle type in Bro,
although it wouldn't be complicated to add one.
I am encountering this during the review of Soumya's cardinality counter
code. Before continuing with the merge, I propose to add a dedicated
opaque type that has the form:

    opaque of T

where T is an identifier from the parser's perspective. For example, this
would entail a signature change from

    md5_hash_init(idx: any): bool

to

    md5_hash_init(idx: opaque of MD5): bool

At script load time, Bro can ensure type safety by performing string
comparisons that come with the identifier. Such a type would finally add
structure to the process of adding new BiFs and related extensions.
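
The load-time check proposed in the message above, as an added C++ sketch (not part of the original message and not Bro's own code): an `any` parameter accepts every handle, while `opaque of T` is matched by comparing identifiers. All names here (Tag, Type, parse_type, compatible, call_ok) and the handle name CardinalityCounter are hypothetical and constructed for illustration.

```cpp
// Added sketch with hypothetical names; not taken from the Bro code base.
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

enum class Tag { Any, Bool, Opaque };
struct Type { Tag tag; std::string name; };  // name: the T in "opaque of T"

// Parse the three spellings this sketch knows: "any", "bool", "opaque of T".
Type parse_type(const std::string& s) {
    if (s == "any") return {Tag::Any, ""};
    if (s == "bool") return {Tag::Bool, ""};
    const std::string prefix = "opaque of ";
    if (s.compare(0, prefix.size(), prefix) != 0)
        throw std::invalid_argument("unknown type: " + s);
    std::string id = s.substr(prefix.size());
    // T must be a plain identifier and nothing else.
    if (id.empty() || std::isdigit(static_cast<unsigned char>(id[0])))
        throw std::invalid_argument("bad identifier in: " + s);
    for (unsigned char ch : id)
        if (!std::isalnum(ch) && ch != '_')
            throw std::invalid_argument("bad identifier in: " + s);
    return {Tag::Opaque, id};
}

// Load-time argument check: `any` accepts every argument, while an opaque
// parameter accepts only an opaque argument carrying the same identifier.
bool compatible(const Type& param, const Type& arg) {
    if (param.tag == Tag::Any) return true;
    if (param.tag != arg.tag) return false;
    return param.tag != Tag::Opaque || param.name == arg.name;
}

// Check a call against a BiF parameter list, both given as type spellings.
bool call_ok(const std::vector<std::string>& params,
             const std::vector<std::string>& args) {
    if (params.size() != args.size()) return false;
    for (std::size_t i = 0; i < params.size(); ++i)
        if (!compatible(parse_type(params[i]), parse_type(args[i])))
            return false;
    return true;
}

int main() {
    // Constructed case: a foreign handle passed to md5_hash_init must be rejected.
    return call_ok({"opaque of MD5"}, {"opaque of CardinalityCounter"}) ? 1 : 0;
}
```

With the `any` signature the mismatched handle passes the check and reaches the core; with `opaque of MD5` it is rejected before the script runs.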
I'm seeing Bro actually crash for the scripts.base.frameworks.metrics.cluster-intermediate-update test and I'm having a hard time figuring out why it's crashing. Would someone mind taking a look at that soon?
International Computer Science Institute
(Bro) because everyone has a network
I'm working from latest git. It seems that dns.bro is only logging to
the DNS log on connection_state_remove().
dns$ready is never set to T .. what is the following if supposed to be
doing? dns$total_answers == 0 here.

    if ( c$dns?$answers && c$dns?$total_answers &&
         |c$dns$answers| == c$dns$total_answers )
        # Indicate this request/reply pair is ready to be logged.
        c$dns$ready = T;

I am searching for the Bro signatures for
MS08-067, ms05-017-msmq and some exploit vulnerabilities of
Microsoft, but unfortunately I cannot find them.
Is there any link where I can find them?
Thank you in advance
On 25 November 2012 03:00, <bro-dev-request(a)bro-ids.org> wrote:
> Reporter: carsten | Owner:
> Type: Merge Request | Status: new
> Priority: Normal | Milestone: Bro2.2
> Component: Bro | Version: git/master
> Resolution: | Keywords: logging
*Lê Thị Liêu*
Life Guidelines: "Don't leave until tomorrow what can be done today."
Though the road is short, you will not arrive unless you walk it
Though the task is easy, it will not get done unless you do it