Common Question?

I am using bro version 0.7a48, which of course came with the usual slew of
scripts in /usr/local/share/bro. Bro always complains about the file conn.bro
line 197, which is trying to:

if ( have_FTP && is_ftp_data_conn(c) )

That looks ok to me (have_FTP is set to T), the error is:

982815367.072217 ./conn.bro, line 198 (is_ftp_data_conn): run-time error, value used but not set

have_FTP should only be true if you did "@load ftp" somewhere in your
policy script (or loaded one of the standard scripts that does this).
If you're setting it by hand instead, that's your problem. If not, please
send me exactly how you're invoking Bro and with what policy script.

One more quick question, what does &redef do? I see it smattered all over but
never mentioned in the docs.

It marks a variable as redefinable (or refinable). So for example you
can have:

  global foo = 5 &redef;

  ...

  redef foo = 4;

and the second definition redefines foo's initial value to be 4 rather than 5.
You also can use += and -= to redef aggregate variables (tables, sets) to have
more or fewer members (and you can use += to add to a pattern variable).

If the first declaration of foo above didn't include &redef, then Bro
would complain upon seeing the second definition.

redef is a basic mechanism for allowing one policy script to override
some of the values in another script so you can express one policy as
modifications to another policy, rather than having to maintain two
slightly different versions of the policies.

    Vern