Paul Pearce created BIT-1338:
--------------------------------
Summary: http response mime types uninitialized in
file_over_new_connection event
Key: BIT-1338
URL: https://bro-tracker.atlassian.net/browse/BIT-1338
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Paul Pearce
http resp_mime_types (accessed via: connection$http$resp_mime_types) are no
longer initialized during the file_over_new_connection event. This is new
behavior between Bro v2.3 and git/master.
The following snippet shows the new behavior on one of the included bro test
traces.
{code:bash}
$ bro_v23 -e 'event file_over_new_connection(f: fa_file, c:connection,
is_orig:bool){ print c$http?$resp_mime_types; }' -r
bro/testing/btest/Traces/http/get.trace
T
$ bro_git -e 'event file_over_new_connection(f: fa_file, c:connection,
is_orig:bool){ print c$http?$resp_mime_types; }' -r
bro/testing/btest/Traces/http/get.trace
F
{code}
It's worth pointing out that ultimately the resp_mime_types field does get set
for subsequent events.
{code:bash}
$ bro_v23 -e 'event http_message_done (c: connection, is_orig: bool, stat:
http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r
bro/testing/btest/Traces/http/get.trace
T
$ bro_git -e 'event http_message_done (c: connection, is_orig: bool, stat:
http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r
bro/testing/btest/Traces/http/get.trace
T
{code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
