From 28f4d45d3398cde2965f18876fb72c8f149279fe Mon Sep 17 00:00:00 2001
From: Daniel Thayer
Date: Thu, 5 Nov 2015 12:13:52 -0600
Subject: [PATCH] Fix potential race condition when logging VLAN info to conn.log

Lowered priority of a connection_state_remove event handler to ensure that the "conn" field is initialized in the connection record before attempting to add the VLAN tags.
---
 scripts/policy/protocols/conn/vlan-logging.bro | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.bro
index c4408bcf59..e0692c5ab5 100644
--- a/scripts/policy/protocols/conn/vlan-logging.bro
+++ b/scripts/policy/protocols/conn/vlan-logging.bro
@@ -15,7 +15,7 @@ redef record Info += {
 # Add the VLAN information to the Conn::Info structure after the connection
 # has been removed. This ensures it's only done once, and is done before the
 # connection information is written to the log.
-event connection_state_remove(c: connection) &priority=5
+event connection_state_remove(c: connection)
 {
 if ( c?$vlan )
 c$conn$vlan = c$vlan;
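Review bot: The new `event connection_state_remove(c: connection)` line depends on the default priority without saying so, and the comment block above it still only explains why this event was chosen. Per the commit message the handler has to run after `c$conn` is initialized, and per the existing comment before the record is written to conn.log, so it sits in a window between two other handlers that are not visible in this hunk. I would add a line to the comment block such as `# Runs at default priority: after the handler that initializes c$conn, before the one that writes conn.log.` so that a later edit does not re-add a priority attribute and reintroduce the race; VLAN tags silently missing from conn.log would be easy to overlook during an investigation. The handler body continues past the end of the hunk.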