-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Core dump on running script that modifies connection record in log_stream_policy #3805
Comments
The issue seems to be due to when this event is invoked (early on). hook Log::log_stream_policy(c: connection, id: Log::ID)
{
local x = c$id$orig_h;
} $ zeek -Cr testing/btest/Traces/ssh/reverse-ssh.pcap /tmp/r.zeek
fatal error in <no location>: Val::CONVERTER (time/record) (1719914406.83221)
[1] 6350 abort zeek -Cr testing/btest/Traces/ssh/reverse-ssh.pcap /tmp/r.zeek Accessing |
It's not a timing thing, those are the wrong parameters for that hook |
What should I be using for the parameters? |
For |
A stream policy hook can have any type of record come through it though, can't it? If I want to read that record - I need to define it's type, but can't? unless it'll selectively pass in only the type defined? If I define my own record type for this - with just |
I haven't tried, but type casting could possibly also work. For If you need more "user guidance", lets continue on Slack or the forum (community.zeek.org). Again, not sure there's an easy way to protect from the runtime fatal error :-/ |
Could we maybe have an
|
Oh, just noticed we have |
The following script causes zeek to core dump
The text was updated successfully, but these errors were encountered: