Bro Error: fatal error in <no location>: Val::CONVERTER (string/record)

_peter · April 15, 2014, 12:36pm

Hi all,

I add a file named “main.bro” into the directory /usr/local/bro/share/bro/base/protocols/pop3/. The file’s content is as following:

module POP3;

export {
redef enum Log::ID += { LOG };

type Info: record {
ts: time &log;
src: addr &log;
srcport: port &log;
dst: addr &log;
dstport: port &log;
};

global log_pop: event(rec: Info);
}

redef record connection += {
pop3: Info &optional;
};

const ports = { 110/tcp };
redef likely_server_ports += { ports };

event bro_init() &priority=5
{
Log::create_stream(LOG, [$columns=Info, $ev=log_pop]);
Analyzer::register_for_ports(Analyzer::ANALYZER_POP3, ports);
}

event pop3_request(c: connection, is_orig: bool, command: string, arg: string) &priority=5
{
Log::write(LOG, command);
}

And I also modify the file load.bro, it’s content is as following:
@load-sigs ./dpd.sig
@load ./main

OK, after the modify, I run the command stop, then start in the broctl, it work ok!

But when I receive mail from pop3 server with my mail client, the bro is crash, and I found the error message in the logs/current/stderr.log:
[root@VPS2 logs]# more current/stderr.log
listening on em2, capture length 8192 bytes

1397564041.380190 fatal error in : Val::CONVERTER (string/record) (CAPA)

I don’t know what happened, and what should I do next. Does anyone’s bro support the pop3? Could you tell me how to do it?

Thank you.

Vlad_Grigorescu2 · April 15, 2014, 1:02pm

event pop3_request(c: connection, is_orig: bool, command: string, arg: string) &priority=5
{
Log::write(LOG, command);
}

Command needs to be an Info record. You're passing a string. You'll need to fill out an Info record and log that.

    type Info: record {
        ts: time &log;
        src: addr &log;
        srcport: port &log;
        dst: addr &log;
        dstport: port &log;
    };

Take a look at the other Bro scripts. This isn't a good Bro Info record. You're even using different terminology (Bro doesn't have the concept of a "source" or "destination" - it's "originator" and "responder.")

--Vlad

_peter · April 15, 2014, 1:28pm

Hi vladg,

Thank you very much. I modify the code follow your direction, it works now.

The code which works well is here, maybe someone need it

module POP3;

export {
redef enum Log::ID += { LOG };

type Info: record {
ts: time &log;
orig_h: addr &log;
orig_p: port &log;
resp_h: addr &log;
resp_p: port &log;
command: string &log;
arg: string &log;
};

global log_pop: event(rec: Info);
}

redef record connection += {
pop3: Info &optional;
};

const ports = { 110/tcp };
redef likely_server_ports += { ports };

event bro_init() &priority=5
{
Log::create_stream(POP3::LOG, [$columns=POP3::Info, $ev=log_pop]);
Analyzer::register_for_ports(Analyzer::ANALYZER_POP3, ports);
}

function set_session(c: connection, command: string, arg: string): Info
{
local l: Info;

l$ts = network_time();
l$orig_h = c$id$orig_h;
l$orig_p = c$id$orig_p;
l$resp_h = c$id$resp_h;
l$resp_p = c$id$resp_p;

l$command = command;
l$arg = arg;

return l;
}

event pop3_request(c: connection, is_orig: bool, command: string, arg: string) &priority=5
{

local myinfo: Info;
myinfo = set_session(c, command, arg);

Log::write(POP3::LOG, myinfo);
}

------------------ Original ------------------

Topic		Replies	Views
Fatal Error - Question Zeek	3	88	May 6, 2022
Bro beta install Zeek	3	127	May 6, 2022
bad tag in Val::CONVERTER Zeek	3	112	May 6, 2022
Bro crashing- Val::CONST_ACCESSOR Zeek	2	91	May 6, 2022
Geo Location Plugin Development development	25	157	May 6, 2022

Bro Error: fatal error in <no location>: Val::CONVERTER (string/record)

Related topics