non-void function returns without a value

Obdnanr_smith · June 20, 2016, 3:13pm

We’re using the following script to white list DNS requests. In the reporter.log we are getting the following error multiple times every millisecond. Anyone know what we’re doing wrong? Can bad scripts cause the logs to fail to rotate correctly?

Jun 20 10:58:05 Reporter::ERROR field value missing [FILTER::rec$query] /usr/local/bro/spool/installed-scripts-do-not-touch/site/mysite/dns-filter.bro, line 13
Jun 20 10:58:05 Reporter::WARNING non-void function returns without a value: FILTER::filter_pred (empty)

module FILTER;

function filter_pred (rec: DNS::Info) : bool
{
if(“microsoft.com” in rec$query)

return F;
return T;

}

event bro_init()
{
Log::remove_default_filter(DNS::LOG);
Log::add_filter(DNS::LOG, [$name=“dns-filter”,
$path=“dns”,
$exclude=set(“trans_id”, “qclass”, “qclass_name”, “qtype”, “rcode”, “rcode_name”, “QR”, “AA”, “TC”, “RD”, “RA”, “Z”, “TLLs”, “rejected”),
$pred=filter_pred]);
}

johanna · June 20, 2016, 4:01pm

You need to check if rec$query is defined before accessing it; otherwhise
the function will just abort if query is not set without returning
anything.

So

if (rec?$query && "microsoft.com" in rec$query)
return F;

return T;

as a function body instead of what you are using should probably work.

Johanna

Topic		Replies	Views
Problem with QR field in dns log Zeek	2	66	May 6, 2022
report log for error message Zeek	4	88	May 6, 2022
DNS script bug? Development development	3	77	May 6, 2022
bro scripting issue Zeek	3	78	May 6, 2022
missing void type Zeek	3	121	May 6, 2022

non-void function returns without a value

Related topics