I have some code that's calling get_conn_transport_proto(), and it's usually
working fine. Occasionally, though, it throws an error:
1225984851.691449 /usr/local/bro-1.4/site/restricted-outgoing.bro, line 54
(get_conn_transport_proto(RestrictedOutgoing::c$id) and [orig_h=x.x.x.x,
orig_p=57475/tcp, resp_h=y.y.y.y, resp_p=80/tcp]): run-time error, unknown
connection id in get_conn_transport_proto()
The code itself looks like this:
print restricted_outgoing_file, fmt("%.6f Restricted Outgoing Connection : %s
%s", network_time(), id_string(c$id), get_conn_transport_proto(c$id));
This is part of a function that is called to handle the following events:
connection_established
connection_attempt
connection_rejected
connection_reset
udp_request
From looking at the code in bro.bif, I can see that this error message is
generated when the connection passes as the argument is not found in the list
of active connections.
I guess I must not be fully understanding something here. If any of the
above events occur, shouldn't they occur on valid connections? Or are there
some situations in which the connection might not be listed in the active
list?
Thanks,
David