Hi everyone,
I'm running bro version 1.5.2.2. I am trying to get the
drop_source_and_terminate function working.
I have a test notice set up that calls drop_source_and_terminate. It is
logging the NOTICE_DROP, but the terminate_connection(n$conn) doesn't
seem to be working. I'm not seeing TerminatingConnection or
TerminatingConnectionIgnored notices, and am getting the following error:
1275573771.744509 /usr/local/bro/share/bro/notice-action-filters.bro,
line 74 (terminate_connection): run-time error, value used but not set
Any ideas?
Tyler
1275573771.744509 /usr/local/bro/share/bro/notice-action-filters.bro,
line 74 (terminate_connection): run-time error, value used but not set
Any ideas?
Try the appended patch and let me know if it fixes the problem.
Vern
Index: policy/notice-action-filters.bro
Vern,
Thanks for the patch, yes, that fixed the error message. I also had to remove the ./ from ./rst in terminate-connection.bro to get the rst utility to work. Should I add these to the tracker?
--- terminate-connection.bro.orig 2010-06-04 16:21:02.000000000 -0600
+++ terminate-connection.bro 2010-06-04 16:46:51.000000000 -0600
@@ -32,7 +32,7 @@
{
local local_init = is_local_addr(id$orig_h);
- local term_cmd = fmt("./rst %s -n 32 -d 20 %s %d %d %s %d %d",
+ local term_cmd = fmt("rst %s -n 32 -d 20 %s %d %d %s %d %d",
local_init ? "-R" : "",
id$orig_h, id$orig_p, get_orig_seq(id),
id$resp_h, id$resp_p, get_resp_seq(id));
@@ -43,7 +43,7 @@
NOTICE([$note=TerminatingConnection, $conn=c,
$msg=term_cmd, $sub="first termination command"]);
- term_cmd = fmt("./rst %s -r 2 -n 4 -s 512 -d 20 %s %d %d %s %d %d",
+ term_cmd = fmt("rst %s -r 2 -n 4 -s 512 -d 20 %s %d %d %s %d %d",
local_init ? "-R" : "",
id$orig_h, id$orig_p, get_orig_seq(id),
id$resp_h, id$resp_p, get_resp_seq(id));
Tyler
Thanks for the patch, yes, that fixed the error message.
Cool.
I also had to remove the ./ from ./rst in terminate-connection.bro to
get the rst utility to work. Should I add these to the tracker?
No need, I'll check them in directly as fixes now.
Vern