> We are planning to fix it, because we are quite interested in Bro and we
> are going to use it a lot. I'll post any result to this list, so if you are
> interested you can consider including it into future versions.
Great, I'm very interested in picking up fixes such as these.
> > I hadn't considered this - do you need something different from what you
> > could achieve if Bro supported /n prefixes?
>
> Yes, I mean something more general: a way to specify IP ranges that cannot
> be specified through net masks such as /n, e.g. 192.168.34.12-23
That sounds good.
Vern
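As an added illustration (not part of the original thread and not Bro code): a range such as 192.168.34.12-23 cannot be written as a single /n prefix, but it can always be decomposed into a short list of aligned prefixes. The function names and the last-octet shorthand parsing are assumptions made for this example.

```python
import ipaddress

def parse_range(spec):
    """Parse 'a.b.c.d-N' (last-octet shorthand) or 'a.b.c.d-w.x.y.z' into (lo, hi) ints."""
    first, sep, last = spec.partition("-")
    if not sep:
        raise ValueError("expected a '-' separated range: %r" % spec)
    lo = int(ipaddress.IPv4Address(first.strip()))
    last = last.strip()
    if "." in last:
        hi = int(ipaddress.IPv4Address(last))
    else:
        octet = int(last)
        if not 0 <= octet <= 255:
            raise ValueError("last octet out of range: %r" % last)
        hi = (lo & 0xFFFFFF00) | octet   # keep the first three octets of the start address
    if hi < lo:
        raise ValueError("range end precedes range start: %r" % spec)
    return lo, hi

def range_to_prefixes(lo, hi):
    """Return the minimal list of CIDR prefixes that covers exactly [lo, hi]."""
    prefixes = []
    while lo <= hi:
        # Largest block that can start at lo is bounded by lo's alignment
        # (its lowest set bit); address 0 is aligned to the whole space.
        size = (lo & -lo) if lo else 1 << 32
        # Shrink the block until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix_len = 32 - (size.bit_length() - 1)
        prefixes.append(ipaddress.IPv4Network((lo, prefix_len)))
        lo += size
    return prefixes

def in_prefixes(addr, prefixes):
    """True if the dotted-quad addr falls inside any of the prefixes."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in prefixes)

if __name__ == "__main__":
    lo, hi = parse_range("192.168.34.12-23")   # the range quoted in the thread
    for net in range_to_prefixes(lo, hi):
        print(net)
```

The range from the message needs two prefixes, so a set keyed on prefixes can represent it, at the cost of one entry per aligned block.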
> I downloaded and installed bro 0.6 without problems, apart from some
> minor changes required in Makefile.in and Rlogin.h.
(These are fixed for 0.7, by the way.)
> I noticed, however, that this version of bro still validates values
> of type 'net' according to the outdated 'class A/B/C/D' convention.
Yes, sorry about that. This isn't fixed for 0.7, either (since the sites
at which I run Bro don't happen to need this, and I'm short of cycles),
except there are some uses of mask_addr() that let you use /24's for
particular networks that Bro looks at. You can get a pre-release snapshot
from:
ftp://ftp.ee.lbl.gov/.vp-bro-pub-0.7a48.tar.gz
by the way.
The general solution requires adding CIDR prefixes to Bro, which is tricky
because they have to work efficiently when used as table/set indices.
It's that difficulty that's made it expensive for me to add this, absent
a need to do so in my daytime job.
> In addition, I'd like to know whether bro developers have planned
> to extend bro language with a type 'interval of IP addresses'.
I hadn't considered this - do you need something different from what you
could achieve if Bro supported /n prefixes?
Vern
I downloaded and installed bro 0.6 without problems, apart from some
minor changes required in Makefile.in and Rlogin.h.
I noticed, however, that this version of bro still validates values
of type 'net' according to the outdated 'class A/B/C/D' convention.
This is a problem for us, because our local network includes two
non-contiguous /24 nets with addresses belonging to 'old' class B.
Before modifying bro source code, I am asking this list whether bro
developers have already updated the code to meet more recent
conventions (e.g. CIDR format).
In addition, I'd like to know whether bro developers have planned
to extend bro language with a type 'interval of IP addresses'.
Thank you,
Antonella
Antonella Giani
Dipartimento di Informatica - Corso Italia 40, 56125 Pisa (Italy)
Tel: +39-050-887228 Fax: +39-050-887226
web: http://www.di.unipi.it/~giani/giani.html