On Jun 2, 2013, at 10:18 PM, Robin Sommer <[email protected]> wrote: > > core.tunnels.teredo-known-services … failed
There's a subtle change to the test in this branch: it no longer does `bro -b`. The reason that ends up mattering for the test is that the pcap has a connection for which both Teredo and DNS analyzers get attached and the Teredo analyzer does this thing where it won't emit a protocol_confirmation if some other analyzer on the same connection has already. When doing `bro -b`, the DNS analyzer doesn't get attached since the associated scripts aren't loaded, but the Teredo analyzer does since it has a signature that matches and so it will emit a protocol_confirmation which causes the known_service.log. > From the test description I'm not sure if known_services.log can > legitimately be missing in the 2nd case. Seems fine. Or you can add the -b back. - Jon _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
