diff --git a/aux/broctl b/aux/broctl index c39622855e..ad8dfaba0c 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit c39622855e3c3a5cc94c7376f86184ed1db1939a +Subproject commit ad8dfaba0c0c784060aa6f0c5e1fcf62244b1a51 diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index 4dde93f6bf..470615458e 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro @@ -39,13 +39,13 @@ export { event bro_init() { - Metrics::add_filter(SQL_ATTACKS, [$log=T, - $break_interval=1mins, + Metrics::add_filter(SQL_ATTACKS, [$log=F, + $break_interval=5mins, $note=SQL_Injection_Attacker]); - Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=T, - $break_interval=1mins, + Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=F, + $break_interval=5mins, $note=SQL_Injection_Attack, - $notice_thresholds=vector(10,100)]); + $notice_threshold=50]); } event http_request(c: connection, method: string, original_URI: string, diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index e6bebda875..87d0db4dac 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -360,7 +360,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) nb_dns = nb_dns_init(err); if ( ! nb_dns ) - reporter->Warning(fmt("problem initializing NB-DNS: %s", err)); + reporter->Warning("problem initializing NB-DNS: %s", err); dns_mapping_valid = dns_mapping_unverified = dns_mapping_new_name = dns_mapping_lost_name = dns_mapping_name_changed = @@ -447,7 +447,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name) return d->Addrs()->ConvertToSet(); else { - reporter->Warning("no such host:", name); + reporter->Warning("no such host: %s", name); return empty_addr_set(); } } 
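Review bot: With `$log=F` now set on both filters in `bro_init()`, the `SQL_ATTACKS` filter keeps `$note=SQL_Injection_Attacker` but has no `$notice_threshold`, so whether it still produces any output depends on the Metrics framework default, which is not visible in this hunk. If the attacker-side filter is meant to alert at the same level as the victim-side one, say so explicitly by adding `$notice_threshold=50,` to that record. Replacing `vector(10,100)` with a single threshold of 50 over `5mins` also means a source that stays under 50 matching requests per window is neither logged nor noticed. A short comment above the two calls recording why 50 and 5mins were chosen, or moving both values into `&redef` constants in the `export` block, would let sites tune detection sensitivity without editing the script.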
@@ -460,7 +460,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name) return empty_addr_set(); case DNS_FORCE: - reporter->InternalError("can't find DNS entry for %s in cache", name); + reporter->FatalError("can't find DNS entry for %s in cache", name); return 0; case DNS_DEFAULT: @@ -490,7 +490,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr) return d->Host(); else { - reporter->Warning("can't resolve IP address:", dotted_addr(addr)); + reporter->Warning("can't resolve IP address: %s", dotted_addr(addr)); return new StringVal(dotted_addr(addr)); } } @@ -503,7 +503,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr) return new StringVal(""); case DNS_FORCE: - reporter->InternalError("can't find DNS entry for %s in cache", + reporter->FatalError("can't find DNS entry for %s in cache", dotted_addr(addr)); return 0; @@ -574,7 +574,7 @@ void DNS_Mgr::Resolve() struct nb_dns_result r; status = nb_dns_activity(nb_dns, &r, err); if ( status < 0 ) - reporter->InternalError( + reporter->Warning( "NB-DNS error in DNS_Mgr::WaitForReplies (%s)", err); else if ( status > 0 ) @@ -823,7 +823,7 @@ void DNS_Mgr::LoadCache(FILE* f) } if ( ! m->NoMapping() ) - reporter->InternalError("DNS cache corrupted"); + reporter->FatalError("DNS cache corrupted"); delete m; fclose(f); @@ -958,7 +958,7 @@ void DNS_Mgr::IssueAsyncRequests() if ( ! dr->MakeRequest(nb_dns) ) { - reporter->Error("can't issue DNS request"); + reporter->Warning("can't issue DNS request"); req->Timeout(); continue; } @@ -1095,7 +1095,10 @@ int DNS_Mgr::AnswerAvailable(int timeout) { int fd = nb_dns_fd(nb_dns); if ( fd < 0 ) - reporter->InternalError("nb_dns_fd() failed in DNS_Mgr::WaitForReplies"); + { + reporter->Warning("nb_dns_fd() failed in DNS_Mgr::WaitForReplies"); + return -1; + } fd_set read_fds; 
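Review bot: The warning text in the `@@ -574` hunk still reads `"NB-DNS error in DNS_Mgr::WaitForReplies (%s)"`, although the hunk header places this code in `DNS_Mgr::Resolve()`. Now that the failure is a non-fatal warning rather than an `InternalError`, the message is what an operator will search the logs for, so it should name the right function: `"NB-DNS error in DNS_Mgr::Resolve (%s)"`. Execution also continues past the `status < 0` branch; the surrounding loop lies outside the hunk, so it is worth confirming that a persistent `nb_dns_activity()` failure cannot make it repeat the warning indefinitely.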
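Review bot: `AnswerAvailable()` now returns -1 for a failed `nb_dns_fd()` as well as for `EINTR`, and the `@@ -1110` hunk does the same for a failed `select()` and for `status > 1`, so callers can no longer tell a retryable interruption from a hard failure. The callers are outside this diff; any of them that simply retries on -1 would spin on a persistently bad descriptor. Either return a distinct value for the non-EINTR cases (for example `return -2;`, with the header comment updated to match) or confirm that every caller bounds its retries. The `nb_dns_fd()` message also still names `DNS_Mgr::WaitForReplies`, not `DNS_Mgr::AnswerAvailable`.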
@@ -1110,13 +1113,17 @@ int DNS_Mgr::AnswerAvailable(int timeout) if ( status < 0 ) { - if ( errno == EINTR ) - return -1; - reporter->InternalError("problem with DNS select"); + if ( errno != EINTR ) + reporter->Warning("problem with DNS select"); + + return -1; } if ( status > 1 ) - reporter->InternalError("strange return from DNS select"); + { + reporter->Warning("strange return from DNS select"); + return -1; + } return status; } diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 580eae92f1..151c05289f 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -100,8 +100,9 @@ protected: void LoadCache(FILE* f); void Save(FILE* f, PDict(DNS_Mapping)& m); - // Selects on the fd to see if there is an answer available (timeout is - // secs). Returns 0 on timeout, -1 on EINTR, and 1 if answer is ready. + // Selects on the fd to see if there is an answer available (timeout + // is secs). Returns 0 on timeout, -1 on EINTR or other error, and 1 + // if answer is ready. int AnswerAvailable(int timeout); // Issue as many queued async requests as slots are available. diff --git a/src/Expr.cc b/src/Expr.cc index c4fbe5930a..2e07c41d28 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -5022,13 +5022,11 @@ Val* ListExpr::InitVal(const BroType* t, Val* aggr) const Expr* e = exprs[i]; check_and_promote_expr(e, vec->Type()->AsVectorType()->YieldType()); Val* v = e->Eval(0); - if ( ! vec->Assign(i, v->RefCnt() == 1 ? v->Ref() : v, e) ) + if ( ! vec->Assign(i, v, e) ) { e->Error(fmt("type mismatch at index %d", i)); return 0; } - - Unref(v); } return aggr;
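Review bot: In `ListExpr::InitVal`, ownership of `v` on the failure branch of `vec->Assign(i, v, e)` is no longer visible: the old code called `Unref(v)` after a successful assign, while the new code relies entirely on `Assign` consuming the reference. If `Assign` does not release `v` when it returns false, the `return 0` path leaks it; that cannot be confirmed from this hunk. A one-line comment above the call stating that `Assign()` takes over the reference, and what happens to it on failure, would record the contract. `e->Eval(0)` is also passed on unchecked, so if it can return null the null pointer reaches `Assign`; `if ( ! v ) return 0;` before the call would make that case explicit. The function starts and ends outside the hunk.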