I’ve isolated the problem to using an ‘int’ in a record type as seen below. According to try.bro.org the it started to fail between versions 2.3 and 2.4. If you change the boothnum to a string and put quotes around it, everything is fine.

Was there a syntax change that requires something around the int when it’s initialized?

-Dop

@load base/frameworks/input
@load base/frameworks/notice

add some stuff to generate notices from our test traffic:

@load misc/scan
@load misc/detect-traceroute
@load protocols/ssh/detect-bruteforcing

module Conn;

export {

type vlandata: record {
booth: string &log &optional;
boothnum: int &log &optional;
};

global vlanlist: table[int] of vlandata = table() &redef;

}

redef vlanlist += {
[11] = [$booth=“darkspace”],
[18] = [$booth=“ASDF”,$boothnum=1743]
};

Does it work if you use 'count' instead of 'int' ?

sigh

That works, and int works if I prepend a + to the number.

Thanks,

Dop

That makes sense. The typecasting has some trouble promoting numbers assigned that way sometimes. If you create a minimal test case that fails in a way that you think it should work, it would help to have a ticket filed.

Thanks!
  .Seth

Here is a minimal test that works, but if you remove the "+" sign, then it fails:

type myrecord: record {
     ii: int;
};

# The "+" sign is required here:
global rr1 = myrecord($ii = +3);

# But "+" is not required here:
global rr2: myrecord;
rr2$ii = 3;

print rr1;
print rr2;