Trying to get drop_source_and_terminate working

Zeek
1

Hi everyone,

I'm running bro version 1.5.2.2. I am trying to get the
drop_source_and_terminate function working.

I have a test notice set up that calls drop_source_and_terminate. It is
logging the NOTICE_DROP, but the terminate_connection(n$conn) doesn't
seem to be working. I'm not seeing TerminatingConnection or
TerminatingConnectionIgnored notices, and am getting the following error:

1275573771.744509 /usr/local/bro/share/bro/notice-action-filters.bro,
line 74 (terminate_connection): run-time error, value used but not set

Any ideas?

Tyler

2

1275573771.744509 /usr/local/bro/share/bro/notice-action-filters.bro,
line 74 (terminate_connection): run-time error, value used but not set

Any ideas?

Try the appended patch and let me know if it fixes the problem.

    Vern

Index: policy/notice-action-filters.bro

3

Vern,

Thanks for the patch, yes, that fixed the error message. I also had to remove the ./ from ./rst in terminate-connection.bro to get the rst utility to work. Should I add these to the tracker?

--- terminate-connection.bro.orig 2010-06-04 16:21:02.000000000 -0600
+++ terminate-connection.bro 2010-06-04 16:46:51.000000000 -0600
@@ -32,7 +32,7 @@
                {
                local local_init = is_local_addr(id$orig_h);

- local term_cmd = fmt("./rst %s -n 32 -d 20 %s %d %d %s %d %d",
+ local term_cmd = fmt("rst %s -n 32 -d 20 %s %d %d %s %d %d",
                                        local_init ? "-R" : "",
                                        id$orig_h, id$orig_p, get_orig_seq(id),
                                        id$resp_h, id$resp_p, get_resp_seq(id));
@@ -43,7 +43,7 @@
                        NOTICE([$note=TerminatingConnection, $conn=c,
                                $msg=term_cmd, $sub="first termination command"]);

- term_cmd = fmt("./rst %s -r 2 -n 4 -s 512 -d 20 %s %d %d %s %d %d",
+ term_cmd = fmt("rst %s -r 2 -n 4 -s 512 -d 20 %s %d %d %s %d %d",
                                local_init ? "-R" : "",
                                id$orig_h, id$orig_p, get_orig_seq(id),
                                id$resp_h, id$resp_p, get_resp_seq(id));

Tyler

4

Thanks for the patch, yes, that fixed the error message.

Cool.

I also had to remove the ./ from ./rst in terminate-connection.bro to
get the rst utility to work. Should I add these to the tracker?

No need, I'll check them in directly as fixes now.

    Vern