non-void function returns without a value

Obdnanr_smith · June 20, 2016, 3:13pm

We’re using the following script to white list DNS requests. In the reporter.log we are getting the following error multiple times every millisecond. Anyone know what we’re doing wrong? Can bad scripts cause the logs to fail to rotate correctly?

Jun 20 10:58:05 Reporter::ERROR field value missing [FILTER::rec$query] /usr/local/bro/spool/installed-scripts-do-not-touch/site/mysite/dns-filter.bro, line 13
Jun 20 10:58:05 Reporter::WARNING non-void function returns without a value: FILTER::filter_pred (empty)

module FILTER;

function filter_pred (rec: DNS::Info) : bool
{
if(“microsoft.com” in rec$query)

return F;
return T;

}

event bro_init()
{
Log::remove_default_filter(DNS::LOG);
Log::add_filter(DNS::LOG, [$name=“dns-filter”,
$path=“dns”,
$exclude=set(“trans_id”, “qclass”, “qclass_name”, “qtype”, “rcode”, “rcode_name”, “QR”, “AA”, “TC”, “RD”, “RA”, “Z”, “TLLs”, “rejected”),
$pred=filter_pred]);
}

johanna · June 20, 2016, 4:01pm

You need to check if rec$query is defined before accessing it; otherwhise
the function will just abort if query is not set without returning
anything.

So

if (rec?$query && "microsoft.com" in rec$query)
return F;

return T;

as a function body instead of what you are using should probably work.

Johanna

Topic		Replies	Views
missing void type Zeek	3	85	May 6, 2022
Some bro.bif issues Development development	5	78	May 6, 2022
pkg add-interfaces Zeek	3	98	May 6, 2022
Returning NULL? Zeek	2	100	May 6, 2022
Bro 0.6 and empty const values Zeek	1	111	May 6, 2022

non-void function returns without a value

Related Topics