From noreply at bro-ids.org Sat Dec 1 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sat, 1 Dec 2012 00:00:03 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212010800.qB1803CT002949@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter  | Owner  | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 5 [1]   | Christian |        | Normal | Bug with table[] of set[] initializers
Bro       | 866 [2] | seth      |        | Normal | Problem with set initializers
Bro       | 912 [3] | carsten   |        | Normal | Need option for ASCII logging writer to only print CSV header line
Bro       | 918 [4] | jsiwek    | jsiwek | Normal | topic/jsiwek/hook [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 95ffb1c  | Jon Siwek | 2012-11-30 | Quick pass over unit tests, adding -b flag to bro so they run faster. [6]
bro       | c98301e  | Seth Hall | 2012-11-26 | Fixed a DNS attribute issue (reported by Matt Thompson). [7]

[1] #5: http://tracker.bro-ids.org/bro/ticket/5
[2] #866: http://tracker.bro-ids.org/bro/ticket/866
[3] #912: http://tracker.bro-ids.org/bro/ticket/912
[4] #918: http://tracker.bro-ids.org/bro/ticket/918
[5] hook: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/hook
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/95ffb1cf27a3833c723ff4193b87271139d63ee7/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/c98301e51f6c4cfd48d299e7cfe59e03565cd2d8/bro

From noreply at bro-ids.org Sun Dec 2 00:00:07 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sun, 2 Dec 2012 00:00:07 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212020800.qB2807Mg023865@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter  | Owner  | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 5 [1]   | Christian |        | Normal | Bug with table[] of set[] initializers
Bro       | 866 [2] | seth      |        | Normal | Problem with set initializers
Bro       | 912 [3] | carsten   |        | Normal | Need option for ASCII logging writer to only print CSV header line
Bro       | 918 [4] | jsiwek    | jsiwek | Normal | topic/jsiwek/hook [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 95ffb1c  | Jon Siwek | 2012-11-30 | Quick pass over unit tests, adding -b flag to bro so they run faster. [6]
bro       | c98301e  | Seth Hall | 2012-11-26 | Fixed a DNS attribute issue (reported by Matt Thompson). [7]

[1] #5: http://tracker.bro-ids.org/bro/ticket/5
[2] #866: http://tracker.bro-ids.org/bro/ticket/866
[3] #912: http://tracker.bro-ids.org/bro/ticket/912
[4] #918: http://tracker.bro-ids.org/bro/ticket/918
[5] hook: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/hook
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/95ffb1cf27a3833c723ff4193b87271139d63ee7/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/c98301e51f6c4cfd48d299e7cfe59e03565cd2d8/bro

From noreply at bro-ids.org Mon Dec 3 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Mon, 3 Dec 2012 00:00:03 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212030800.qB3803KX010582@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter  | Owner  | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 5 [1]   | Christian |        | Normal | Bug with table[] of set[] initializers
Bro       | 866 [2] | seth      |        | Normal | Problem with set initializers
Bro       | 912 [3] | carsten   |        | Normal | Need option for ASCII logging writer to only print CSV header line
Bro       | 918 [4] | jsiwek    | jsiwek | Normal | topic/jsiwek/hook [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 95ffb1c  | Jon Siwek | 2012-11-30 | Quick pass over unit tests, adding -b flag to bro so they run faster. [6]
bro       | c98301e  | Seth Hall | 2012-11-26 | Fixed a DNS attribute issue (reported by Matt Thompson). [7]

[1] #5: http://tracker.bro-ids.org/bro/ticket/5
[2] #866: http://tracker.bro-ids.org/bro/ticket/866
[3] #912: http://tracker.bro-ids.org/bro/ticket/912
[4] #918: http://tracker.bro-ids.org/bro/ticket/918
[5] hook: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/hook
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/95ffb1cf27a3833c723ff4193b87271139d63ee7/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/c98301e51f6c4cfd48d299e7cfe59e03565cd2d8/bro

From bro at tracker.bro-ids.org Mon Dec 3 14:31:41 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 22:31:41 -0000
Subject: [Bro-Dev] #912: Need option for ASCII logging writer to only print CSV header line
In-Reply-To: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
References: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
Message-ID: <064.fb56931da361e20daf43b3ee014aa20c@tracker.bro-ids.org>

#912: Need option for ASCII logging writer to only print CSV header line
----------------------------+-------------------------------
  Reporter:  carsten        |       Owner:
      Type:  Merge Request  |      Status:  new
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:                 |    Keywords:  logging csv ascii
----------------------------+-------------------------------

Comment (by robin):

 - Renaming the option to "tsv", that seems to say the right thing. :)
 - Fixed the error message.
 - Clarified the usage description.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Mon Dec 3 14:34:04 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 22:34:04 -0000
Subject: [Bro-Dev] #912: Need option for ASCII logging writer to only print CSV header line
In-Reply-To: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
References: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
Message-ID: <064.87ee13348acb79b23f549080ed191d0c@tracker.bro-ids.org>

#912: Need option for ASCII logging writer to only print CSV header line
----------------------------+-------------------------------
  Reporter:  carsten        |       Owner:
      Type:  Merge Request  |      Status:  new
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:                 |    Keywords:  logging csv ascii
----------------------------+-------------------------------

Comment (by robin):

 Regarding global vs local: we could generally allow all writer options
 to be given via {{{config}}} to filters (at least where it makes sense).
 However one problem is that the values are normally typed but with config
 we can pass only strings.

 Anyway, I'm leaving it as it is for now; if anybody wants to add a global
 "tsv" option in addition, please go ahead.

From jsiwek at illinois.edu Mon Dec 3 15:17:35 2012
From: jsiwek at illinois.edu (Siwek, Jonathan Luke)
Date: Mon, 3 Dec 2012 23:17:35 +0000
Subject: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: Fixed a DNS attribute issue (reported by Matt Thompson). (c98301e)
In-Reply-To: <201211262058.qAQKwT5N011870@bro-ids.icir.org>
References: <201211262058.qAQKwT5N011870@bro-ids.icir.org>
Message-ID:

> commit c98301e51f6c4cfd48d299e7cfe59e03565cd2d8
> Author: Seth Hall
> Date:   Mon Nov 26 15:58:25 2012 -0500
>
>     Fixed a DNS attribute issue (reported by Matt Thompson).

This causes some test failures in the testing/external repos
(bro-testing/bro-testing-private), can you look at it to see if the
diffs are expected? If they are, I think you should confirm them by
committing the updated baselines to fastpath in the external repos.

    Jon

From robin at icir.org Mon Dec 3 15:37:37 2012
From: robin at icir.org (Robin Sommer)
Date: Mon, 3 Dec 2012 15:37:37 -0800
Subject: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: Fixed a DNS attribute issue (reported by Matt Thompson). (c98301e)
In-Reply-To:
References: <201211262058.qAQKwT5N011870@bro-ids.icir.org>
Message-ID: <20121203233737.GT28630@icir.org>

On Mon, Dec 03, 2012 at 23:17 +0000, you wrote:

> This causes some test failures in the testing/external repos
> (bro-testing/bro-testing-private), can you look at it to see if the
> diffs are expected? If they are, I think you should confirm them by
> committing the updated baselines to fastpath in the external repos.

I actually just ran the tests over here as well and am likewise
guessing that the failures are due to the DNS fix and hence benign.
I'm going to commit the baseline updates but, Seth, indeed please
double-check that this is expected (you'll see the diff for the
baseline).

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From bro at tracker.bro-ids.org Mon Dec 3 15:43:10 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 23:43:10 -0000
Subject: [Bro-Dev] #918: topic/jsiwek/hook
In-Reply-To: <048.8bbad75d47a7d6400cc12123e7951748@tracker.bro-ids.org>
References: <048.8bbad75d47a7d6400cc12123e7951748@tracker.bro-ids.org>
Message-ID: <063.8969a58b8b38bc3b8daf16120a633663@tracker.bro-ids.org>

#918: topic/jsiwek/hook
----------------------------+------------------------
  Reporter:  jsiwek         |       Owner:  jsiwek
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:  fixed          |    Keywords:
----------------------------+------------------------
Changes (by robin):

 * status:  assigned => closed
 * resolution:   => fixed

Comment:

 In [1298f2e974b7152e542d6271d48960644304bf62/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="1298f2e974b7152e542d6271d48960644304bf62"
 Merge remote-tracking branch 'origin/topic/jsiwek/hook'

 * origin/topic/jsiwek/hook:
   Change hook calls to only be allowed when preceded by "hook" keyword.
   Clarification in hook documentation.
   Hook functions now directly callable instead of w/ "hook" statements.

 Closes #918.
 }}}

From bro at tracker.bro-ids.org Mon Dec 3 15:43:10 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 23:43:10 -0000
Subject: [Bro-Dev] #5: Bug with table[] of set[] initializers
In-Reply-To: <051.c52aaf28444d3cd950eb1cb7e9501fab@tracker.bro-ids.org>
References: <051.c52aaf28444d3cd950eb1cb7e9501fab@tracker.bro-ids.org>
Message-ID: <066.224a58d0d48e9fd5d9c2cde28e9637ec@tracker.bro-ids.org>

#5: Bug with table[] of set[] initializers
----------------------------+--------------------
  Reporter:  Christian      |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:
Resolution:  fixed          |    Keywords:
----------------------------+--------------------
Changes (by robin):

 * owner:   => robin
 * status:  seen => closed
 * resolution:   => fixed

Comment:

 In [d4792dc7fe0de0468cb1060296a76f67f663658e/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="d4792dc7fe0de0468cb1060296a76f67f663658e"
 Merge remote-tracking branch 'origin/topic/jsiwek/table-init-container-ctors'

 * origin/topic/jsiwek/table-init-container-ctors:
   Add test of record() constructor to table initializer unit test.
   Fix table(), set(), vector() constructors in table initializer lists.

 Closes #5.
 }}}

From bro at tracker.bro-ids.org Mon Dec 3 15:43:10 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 23:43:10 -0000
Subject: [Bro-Dev] #912: Need option for ASCII logging writer to only print CSV header line
In-Reply-To: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
References: <049.d710ed16fabc938ed6d83c3181873a7a@tracker.bro-ids.org>
Message-ID: <064.3a912c28675ec4b2cdfa2f28532abb63@tracker.bro-ids.org>

#912: Need option for ASCII logging writer to only print CSV header line
----------------------------+-------------------------------
  Reporter:  carsten        |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:  fixed          |    Keywords:  logging csv ascii
----------------------------+-------------------------------
Changes (by robin):

 * owner:   => robin
 * status:  new => closed
 * resolution:   => fixed

Comment:

 In [63d43e6545dcfd564a3456dbe1cfab0a0f491655/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="63d43e6545dcfd564a3456dbe1cfab0a0f491655"
 Renaming ASCII writer filter option 'only_single_header_row' to 'tsv'.

 Also clarifying usage.

 Closes #912.
 }}}

From bro at tracker.bro-ids.org Mon Dec 3 15:43:10 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 03 Dec 2012 23:43:10 -0000
Subject: [Bro-Dev] #866: Problem with set initializers
In-Reply-To: <046.979bb585920072a482373f58f7afe6e9@tracker.bro-ids.org>
References: <046.979bb585920072a482373f58f7afe6e9@tracker.bro-ids.org>
Message-ID: <061.69078b73fa27b71fa91b9476884343ad@tracker.bro-ids.org>

#866: Problem with set initializers
----------------------------+------------------------
  Reporter:  seth           |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:  fixed          |    Keywords:  language
----------------------------+------------------------
Changes (by robin):

 * owner:   => robin
 * status:  new => closed
 * resolution:   => fixed

Comment:

 In [d9f90fcac068504f5796b34e3e683ca2b1415020/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="d9f90fcac068504f5796b34e3e683ca2b1415020"
 Merge remote-tracking branch 'origin/topic/jsiwek/table-attribute-fixes'

 * origin/topic/jsiwek/table-attribute-fixes:
   Fix various bugs with table/set attributes.

 Closes #866.
 }}}

From bro at tracker.bro-ids.org Tue Dec 4 08:07:54 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 16:07:54 -0000
Subject: [Bro-Dev] #741: Remove HTTP verbs from HTTP analyzer
In-Reply-To: <046.33191738c5e4da46b75e4c33d1e6e42a@tracker.bro-ids.org>
References: <046.33191738c5e4da46b75e4c33d1e6e42a@tracker.bro-ids.org>
Message-ID: <061.c6a72284568c95da6e04d91024cb42de@tracker.bro-ids.org>

#741: Remove HTTP verbs from HTTP analyzer
----------------------------+--------------------
  Reporter:  seth           |       Owner:
      Type:  Merge Request  |      Status:  new
  Priority:  High           |   Milestone:  Bro2.2
 Component:  Bro            |     Version:
Resolution:                 |    Keywords:
----------------------------+--------------------
Changes (by robin):

 * type:  Problem => Merge Request

From bro at tracker.bro-ids.org Tue Dec 4 10:42:18 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 18:42:18 -0000
Subject: [Bro-Dev] #779: missing values cause bro to crash when used inside of a 'when' statement.
In-Reply-To: <048.d7eccddacf988dcfe011e1dac3c48b28@tracker.bro-ids.org>
References: <048.d7eccddacf988dcfe011e1dac3c48b28@tracker.bro-ids.org>
Message-ID: <063.479b6ea3b4f713654e8b14d0aca32e4e@tracker.bro-ids.org>

#779: missing values cause bro to crash when used inside of a 'when' statement.
----------------------+---------------------------------------
  Reporter:  justin   |       Owner:
      Type:  Problem  |      Status:  new
  Priority:  High     |   Milestone:  Bro2.2
 Component:  Bro      |     Version:  git/master
Resolution:           |    Keywords:  when InterpreterException
----------------------+---------------------------------------

Comment (by jsiwek):

 In [f7440375f175c0081d7d05ca5f0581480031130f/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="f7440375f175c0081d7d05ca5f0581480031130f"
 Interpreter exceptions occurring in "when" blocks are now handled.

 The scripting error that caused the exception is still reported, but
 it no longer causes Bro to terminate. Addresses #779
 }}}

From bro at tracker.bro-ids.org Tue Dec 4 11:11:15 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 19:11:15 -0000
Subject: [Bro-Dev] #9: Creating a Broccoli event from raw pointers
In-Reply-To: <050.246c2f96398ac86fe4f14f5466f9a82a@tracker.bro-ids.org>
References: <050.246c2f96398ac86fe4f14f5466f9a82a@tracker.bro-ids.org>
Message-ID: <065.4abbfdeebac854ee3c335d0198e19351@tracker.bro-ids.org>

#9: Creating a Broccoli event from raw pointers
-----------------------------+----------------------
  Reporter:  matthias        |       Owner:  kreibich
      Type:  Task            |      Status:  closed
  Priority:  Normal          |   Milestone:  Bro2.2
 Component:  Broccoli        |     Version:  1.5.2
Resolution:  Solved/Applied  |    Keywords:
-----------------------------+----------------------
Changes (by jsiwek):

 * status:  accepted => closed
 * resolution:   => Solved/Applied
 * milestone:   => Bro2.2

Comment:

 This has been implemented for a while.

From bro at tracker.bro-ids.org Tue Dec 4 13:23:45 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 21:23:45 -0000
Subject: [Bro-Dev] #24: inconsistent behavior with respect to out-of-range vector references
In-Reply-To: <046.92b2e1e533d9208fa004829f1ac165d3@tracker.bro-ids.org>
References: <046.92b2e1e533d9208fa004829f1ac165d3@tracker.bro-ids.org>
Message-ID: <061.8905ffc347ca5b6e7c1e874e75be1b2d@tracker.bro-ids.org>

#24: inconsistent behavior with respect to out-of-range vector references
----------------------+------------------
  Reporter:  vern     |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:
Resolution:           |    Keywords:
----------------------+------------------

Comment (by jsiwek):

 In [75278af8a101395f06b3371e5a5dc3795032efad/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="75278af8a101395f06b3371e5a5dc3795032efad"
 Invalid vector indices now generate error message (addresses #24).

 The error/behavior is the same as accessing tables at invalid indices.
 }}}

From bro at tracker.bro-ids.org Tue Dec 4 13:45:58 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 21:45:58 -0000
Subject: [Bro-Dev] #33: Broccoli: race condition during concurrent connection intialization
In-Reply-To: <050.a5f71a36e9fd86dd973e7be4c60c81a9@tracker.bro-ids.org>
References: <050.a5f71a36e9fd86dd973e7be4c60c81a9@tracker.bro-ids.org>
Message-ID: <065.9c42d27dbdaad2bb29d355854ba494d9@tracker.bro-ids.org>

#33: Broccoli: race condition during concurrent connection intialization
-----------------------------+----------------------
  Reporter:  matthias        |       Owner:  kreibich
      Type:  Problem         |      Status:  closed
  Priority:  Normal          |   Milestone:  Bro2.2
 Component:  Broccoli        |     Version:  1.4
Resolution:  Solved/Applied  |    Keywords:
-----------------------------+----------------------
Changes (by jsiwek):

 * status:  accepted => closed
 * resolution:   => Solved/Applied
 * milestone:   => Bro2.2

Comment:

 This looks like it's been fixed for a while.

From bro at tracker.bro-ids.org Tue Dec 4 14:32:07 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 04 Dec 2012 22:32:07 -0000
Subject: [Bro-Dev] #34: Segfault from assigning uninitialized variables to record values
In-Reply-To: <046.a7dfce144ba87bc37874c574b698fbf3@tracker.bro-ids.org>
References: <046.a7dfce144ba87bc37874c574b698fbf3@tracker.bro-ids.org>
Message-ID: <061.b14ce16160bf3f2c54b387064bd623bd@tracker.bro-ids.org>

#34: Segfault from assigning uninitialized variables to record values
----------------------+-------------------
  Reporter:  seth     |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:  1.5.2
Resolution:           |    Keywords:
----------------------+-------------------

Comment (by jsiwek):

 In [32239ea63395e523b7ad6ccdfa3a56c34d35a0fa/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="32239ea63395e523b7ad6ccdfa3a56c34d35a0fa"
 Bad record constructor initializers now give an error (addresses #34).

 As opposed to a segfault.
 }}}

From noreply at bro-ids.org Wed Dec 5 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Wed, 5 Dec 2012 00:00:03 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212050800.qB58032v031341@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 741 [1] | seth     |       | High | Remove HTTP verbs from HTTP analyzer

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 32239ea  | Jon Siwek | 2012-12-04 | Bad record constructor initializers now give an error (addresses #34). [2]
bro       | 75278af  | Jon Siwek | 2012-12-04 | Invalid vector indices now generate error message (addresses #24). [3]
bro       | 7758f4d  | Jon Siwek | 2012-12-04 | Bump CPack RPM package requirement to python >= 2.6.0. [4]
bro       | f744037  | Jon Siwek | 2012-12-04 | Interpreter exceptions occurring in "when" blocks are now handled. [5]
broctl    | 58f2d74  | Jon Siwek | 2012-12-04 | Bump CPack RPM package requirement to python >= 2.6.0. [6]

[1] #741: http://tracker.bro-ids.org/bro/ticket/741
[2] fastpath: http://tracker.bro-ids.org/bro/changeset/32239ea63395e523b7ad6ccdfa3a56c34d35a0fa/bro
[3] fastpath: http://tracker.bro-ids.org/bro/changeset/75278af8a101395f06b3371e5a5dc3795032efad/bro
[4] fastpath: http://tracker.bro-ids.org/bro/changeset/7758f4dc9cab60fbb23e8e69a51463dfa0800e20/bro
[5] fastpath: http://tracker.bro-ids.org/bro/changeset/f7440375f175c0081d7d05ca5f0581480031130f/bro
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/58f2d74c3d728993facacd5838f07f1eb31549ce/broctl

From bro at tracker.bro-ids.org Wed Dec 5 08:32:42 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 05 Dec 2012 16:32:42 -0000
Subject: [Bro-Dev] #35: Policy script interpreting continues after a const variable is later declared as a global variable.
In-Reply-To: <046.fc474cb3fd2a62e9a0f38881ceea88a6@tracker.bro-ids.org>
References: <046.fc474cb3fd2a62e9a0f38881ceea88a6@tracker.bro-ids.org>
Message-ID: <061.c73446fb953a4aa400eee98bf88cb6c0@tracker.bro-ids.org>

#35: Policy script interpreting continues after a const variable is later declared as a global variable.
----------------------+--------------------
  Reporter:  seth     |       Owner:
      Type:  Problem  |      Status:  closed
  Priority:  Normal   |   Milestone:  Bro2.2
 Component:  Bro      |     Version:  1.5.2
Resolution:  Invalid  |    Keywords:
----------------------+--------------------
Changes (by jsiwek):

 * status:  seen => closed
 * resolution:   => Invalid
 * milestone:   => Bro2.2

Comment:

 As discussed long ago in this ticket, I think the behavior seems ok as
 long as it's not also segfaulting Bro (which is what #34 is about).

From bro at tracker.bro-ids.org Wed Dec 5 09:19:16 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 05 Dec 2012 17:19:16 -0000
Subject: [Bro-Dev] #62: Bro Seg Faults on DNS Failure at Startup
In-Reply-To: <053.e248d756126e1d6cf1418c49f1cd4d4b@tracker.bro-ids.org>
References: <053.e248d756126e1d6cf1418c49f1cd4d4b@tracker.bro-ids.org>
Message-ID: <068.7c909fc8e059bd802c39206eecf098e8@tracker.bro-ids.org>

#62: Bro Seg Faults on DNS Failure at Startup
-----------------------------+-------------------------------
  Reporter:  mej@?           |       Owner:
      Type:  Problem         |      Status:  closed
  Priority:  Normal          |   Milestone:  Bro2.2
 Component:  Bro             |     Version:  1.4
Resolution:  Solved/Applied  |    Keywords:  crash DNS failure
-----------------------------+-------------------------------
Changes (by jsiwek):

 * status:  seen => closed
 * resolution:   => Solved/Applied
 * milestone:   => Bro2.2

Comment:

 I don't think this is an issue anymore, and the existence of the
 `testing/btest/core/dns-init.bro` unit test seems to back that up.

From bro at tracker.bro-ids.org Wed Dec 5 11:15:57 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 05 Dec 2012 19:15:57 -0000
Subject: [Bro-Dev] #66: Bro crashes if &synchronized vars aren't initialized
In-Reply-To: <047.3c1e04b3423efefd81021ef4e349f7df@tracker.bro-ids.org>
References: <047.3c1e04b3423efefd81021ef4e349f7df@tracker.bro-ids.org>
Message-ID: <062.f03cfba22bbba559b4c04b40ed992859@tracker.bro-ids.org>

#66: Bro crashes if &synchronized vars aren't initialized
----------------------+------------------
  Reporter:  robin    |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:  1.4
Resolution:           |    Keywords:
----------------------+------------------

Comment (by jsiwek):

 In [f403e537ece415ec338e8b21d0cb233daf7f970c/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="f403e537ece415ec338e8b21d0cb233daf7f970c"
 Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)

 Synchronization of state between connecting peers now skips over
 identifiers that aren't initialized with a value yet. If they're
 assigned a value later, that will be synchronized like usual.
 }}}

From bro at tracker.bro-ids.org Wed Dec 5 16:57:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 06 Dec 2012 00:57:14 -0000
Subject: [Bro-Dev] #24: inconsistent behavior with respect to out-of-range vector references
In-Reply-To: <046.92b2e1e533d9208fa004829f1ac165d3@tracker.bro-ids.org>
References: <046.92b2e1e533d9208fa004829f1ac165d3@tracker.bro-ids.org>
Message-ID: <061.77abd5610a2fe3ffd052e51888f52a7f@tracker.bro-ids.org>

#24: inconsistent behavior with respect to out-of-range vector references
----------------------+------------------
  Reporter:  vern     |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:
Resolution:           |    Keywords:
----------------------+------------------

Comment (by robin):

 In [4877f8344d4dfa2b9d8946f2e23d777a195dd1e1/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="4877f8344d4dfa2b9d8946f2e23d777a195dd1e1"
 Merge remote-tracking branch 'origin/fastpath'

 * origin/fastpath:
   ok, this one is a bit... embarrassing.
   Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
   Bad record constructor initializers now give an error (addresses #34).
   Invalid vector indices now generate error message (addresses #24).
   Bump CPack RPM package requirement to python >= 2.6.0.
   Interpreter exceptions occurring in "when" blocks are now handled.
 }}}

From bro at tracker.bro-ids.org Wed Dec 5 16:57:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 06 Dec 2012 00:57:14 -0000
Subject: [Bro-Dev] #34: Segfault from assigning uninitialized variables to record values
In-Reply-To: <046.a7dfce144ba87bc37874c574b698fbf3@tracker.bro-ids.org>
References: <046.a7dfce144ba87bc37874c574b698fbf3@tracker.bro-ids.org>
Message-ID: <061.db083e21b81aca5dcc5abffe852ea2e5@tracker.bro-ids.org>

#34: Segfault from assigning uninitialized variables to record values
----------------------+-------------------
  Reporter:  seth     |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:  1.5.2
Resolution:           |    Keywords:
----------------------+-------------------

Comment (by robin):

 In [4877f8344d4dfa2b9d8946f2e23d777a195dd1e1/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="4877f8344d4dfa2b9d8946f2e23d777a195dd1e1"
 Merge remote-tracking branch 'origin/fastpath'

 * origin/fastpath:
   ok, this one is a bit... embarrassing.
   Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
   Bad record constructor initializers now give an error (addresses #34).
   Invalid vector indices now generate error message (addresses #24).
   Bump CPack RPM package requirement to python >= 2.6.0.
   Interpreter exceptions occurring in "when" blocks are now handled.
 }}}

From bro at tracker.bro-ids.org Wed Dec 5 16:57:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 06 Dec 2012 00:57:14 -0000
Subject: [Bro-Dev] #741: Remove HTTP verbs from HTTP analyzer
In-Reply-To: <046.33191738c5e4da46b75e4c33d1e6e42a@tracker.bro-ids.org>
References: <046.33191738c5e4da46b75e4c33d1e6e42a@tracker.bro-ids.org>
Message-ID: <061.77ee3099a95c3bfbee7ad504d5ba7458@tracker.bro-ids.org>

#741: Remove HTTP verbs from HTTP analyzer
----------------------------+--------------------
  Reporter:  seth           |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  High           |   Milestone:  Bro2.2
 Component:  Bro            |     Version:
Resolution:  fixed          |    Keywords:
----------------------------+--------------------
Changes (by robin):

 * owner:   => robin
 * status:  new => closed
 * resolution:   => fixed

Comment:

 In [177c014cb78724676ee61f9d52d708d7360cded8/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="177c014cb78724676ee61f9d52d708d7360cded8"
 Merge remote-tracking branch 'vlad/topic/vladg/http-verbs'

 * vlad/topic/vladg/http-verbs:
   A test for HTTP methods, including some horribly illegal requests.
   Remove hardcoded HTTP verbs from the analyzer (#741)

 I added a "bad_HTTP_request" weird for HTTP request lines that don't
 have more than a single word.

 Closes #741.
 }}}

From bro at tracker.bro-ids.org Wed Dec 5 16:57:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 06 Dec 2012 00:57:14 -0000
Subject: [Bro-Dev] #66: Bro crashes if &synchronized vars aren't initialized
In-Reply-To: <047.3c1e04b3423efefd81021ef4e349f7df@tracker.bro-ids.org>
References: <047.3c1e04b3423efefd81021ef4e349f7df@tracker.bro-ids.org>
Message-ID: <062.7b0d86b5c8d09f6ead2e02eac5c726f0@tracker.bro-ids.org>

#66: Bro crashes if &synchronized vars aren't initialized
----------------------+------------------
  Reporter:  robin    |       Owner:
      Type:  Problem  |      Status:  seen
  Priority:  Normal   |   Milestone:
 Component:  Bro      |     Version:  1.4
Resolution:           |    Keywords:
----------------------+------------------

Comment (by robin):

 In [4877f8344d4dfa2b9d8946f2e23d777a195dd1e1/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="4877f8344d4dfa2b9d8946f2e23d777a195dd1e1"
 Merge remote-tracking branch 'origin/fastpath'

 * origin/fastpath:
   ok, this one is a bit... embarrassing.
   Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
   Bad record constructor initializers now give an error (addresses #34).
   Invalid vector indices now generate error message (addresses #24).
   Bump CPack RPM package requirement to python >= 2.6.0.
   Interpreter exceptions occurring in "when" blocks are now handled.
 }}}

From vladg at cmu.edu Wed Dec 5 17:21:37 2012
From: vladg at cmu.edu (Vlad Grigorescu)
Date: Thu, 6 Dec 2012 01:21:37 +0000
Subject: [Bro-Dev] [Bro-Commits] [git/bro] master: Adapting the HTTP request line parsing to only accept methods consisting of letters [A-Za-z]. (5751046)
In-Reply-To: <19879_1354756314_qB61BrDR008563_201212060057.qB60vSA1007624@bro-ids.icir.org>
References: <19879_1354756314_qB61BrDR008563_201212060057.qB60vSA1007624@bro-ids.icir.org>
Message-ID: <1202BE242E080642B0CD0AD0A03E85526F914E@PGH-MSGMB-03.andrew.ad.cmu.edu>

One of the things I found when I turned this on in production was a
Microsoft product that was using some custom HTTP methods: CCM_POST and
BITS_POST. I'd say add underscore to this as well, maybe even hyphen.

If we want to take this further, the HTTP/1.1 and HTTP/1.0 RFCs say that
the request method must be a token. Tokens are defined as:

> token      = 1*
> separators = "(" | ")" | "<" | ">" | "@"
>            | "," | ";" | ":" | "\" | <">
>            | "/" | "[" | "]" | "?" | "="
>            | "{" | "}" | SP | HT

Thoughts?

  --Vlad

On Dec 5, 2012, at 7:57 PM, Robin Sommer wrote:

> commit 57510464a1c100f174382daa48934f2404762f3d
> Author: Robin Sommer
> Date:   Wed Dec 5 16:44:04 2012 -0800
>
>     Adapting the HTTP request line parsing to only accept methods
>     consisting of letters [A-Za-z].
>
>     I had some bogus HTTP sessions now with the test-suite that reported
>     data as HTTP because it started with " a reasonable constraint.

From noreply at bro-ids.org Thu Dec 6 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 6 Dec 2012 00:00:03 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212060800.qB68032G010339@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broctl | 39b6e7b | Jon Siwek | 2012-12-05 | MailFrom broctl.cfg option now adds a redef for Notice::mail_from. [1] broctl | 58f2d74 | Jon Siwek | 2012-12-04 | Bump CPack RPM package requirement to python >= 2.6.0. [2] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/39b6e7b306e5c65a14a8049c7a5ec9abdeaa6bb4/broctl [2] fastpath: http://tracker.bro-ids.org/bro/changeset/58f2d74c3d728993facacd5838f07f1eb31549ce/broctl From seth at icir.org Thu Dec 6 06:54:29 2012 From: seth at icir.org (Seth Hall) Date: Thu, 6 Dec 2012 09:54:29 -0500 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/matthias/opaque: Implement equivalence relation for opaque types. (2494940) In-Reply-To: <201212060458.qB64w1WP016881@bro-ids.icir.org> References: <201212060458.qB64w1WP016881@bro-ids.icir.org> Message-ID: <6C462580-33CE-44CE-9656-3BDEF3B2D7EF@icir.org> On Dec 5, 2012, at 11:58 PM, Matthias Vallentin wrote: > Implement equivalence relation for opaque types. > case TYPE_OPAQUE: > - // FIXME: Should we downcast here and compare the opaque type names? > - return 1; > + { > + const OpaqueType* ot1 = (const OpaqueType*) t1; > + const OpaqueType* ot2 = (const OpaqueType*) t2; > + return ot1->Name() == ot2->Name() ? 1 : 0; > + } When we implement opaque types, shouldn't we be able to supply an equivalency testing function? Just comparing the types seems of limited use. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ From robin at icir.org Thu Dec 6 08:40:02 2012 
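Review bot: in the TYPE_OPAQUE case of the hunk quoted in Seth Hall's message above, `ot1->Name() == ot2->Name()` compares names by content only if Name() returns a string object. The hunk does not show its return type, and if it is a `const char*` the expression compares addresses, so two opaque types carrying the same name could be reported as different. Please confirm the return type or compare explicitly by content. Two smaller points in the same block: the C-style casts `(const OpaqueType*) t1` would be easier to audit as `static_cast`, and `? 1 : 0` is redundant on a boolean expression.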
From: robin at icir.org (Robin Sommer) Date: Thu, 6 Dec 2012 08:40:02 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/bro] master: Adapting the HTTP request line parsing to only accept methods consisting of letters [A-Za-z]. (5751046) In-Reply-To: <1202BE242E080642B0CD0AD0A03E85526F914E@PGH-MSGMB-03.andrew.ad.cmu.edu> References: <19879_1354756314_qB61BrDR008563_201212060057.qB60vSA1007624@bro-ids.icir.org> <1202BE242E080642B0CD0AD0A03E85526F914E@PGH-MSGMB-03.andrew.ad.cmu.edu> Message-ID: <20121206164002.GC99541@icir.org> On Thu, Dec 06, 2012 at 01:21 +0000, you wrote: > and BITS_POST. I'd say add underscore to this as well, maybe even > hyphen. I was wondering about that as well but I looked at the predefined methods in http/main.bro and didn't see them there, so they are already triggering a weird. On the other hand, I like the idea of following the RFC definition of a token there, that makes kind of sense. :) And the MIME code already has a corresponding get_token() function. I'll take a look at that later. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From vallentin at icir.org Thu Dec 6 21:31:26 2012 
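The two method rules discussed in the HTTP request-line thread above, side by side, as an added example (not code from Bro or from any of the posters). It classifies the first word of a request line under both the letters-only rule from the commit and the RFC 2616 section 2.2 token rule; `MethodClass` and `classify_method` are hypothetical names and the request lines are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Result of checking the first word of a candidate HTTP request line.
enum class MethodClass {
    Invalid,    // empty, no SP found, or contains a CTL, separator or non-ASCII byte
    TokenOnly,  // valid RFC 2616 token, but not purely [A-Za-z]
    Letters     // also passes the stricter letters-only rule from the commit
};

// RFC 2616 section 2.2 separators, the list quoted in the thread.
static bool is_separator(unsigned char c)
{
    switch (c) {
    case '(': case ')': case '<': case '>': case '@':
    case ',': case ';': case ':': case '\\': case '"':
    case '/': case '[': case ']': case '?': case '=':
    case '{': case '}': case ' ': case '\t':
        return true;
    default:
        return false;
    }
}

// RFC 2616: token = 1*<any CHAR except CTLs or separators>.
// CHAR is US-ASCII 0..127; CTLs are octets 0..31 and DEL (127).
static bool is_token_char(unsigned char c)
{
    return c > 31 && c < 127 && !is_separator(c);
}

static bool is_letter(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

// Hypothetical helper: take the bytes before the first SP and classify them
// under both rules in one pass.
MethodClass classify_method(const std::string& line)
{
    std::size_t sp = line.find(' ');
    if (sp == std::string::npos || sp == 0)
        return MethodClass::Invalid;

    bool letters_only = true;
    for (std::size_t i = 0; i < sp; ++i) {
        unsigned char c = static_cast<unsigned char>(line[i]);
        if (!is_token_char(c))
            return MethodClass::Invalid;
        if (!is_letter(c))
            letters_only = false;
    }
    return letters_only ? MethodClass::Letters : MethodClass::TokenOnly;
}

static const char* label(MethodClass m)
{
    switch (m) {
    case MethodClass::Letters:   return "letters";
    case MethodClass::TokenOnly: return "token-only";
    default:                     return "invalid";
    }
}

int main()
{
    // Constructed sample request lines; the last two are non-HTTP payloads.
    const char* samples[] = {
        "GET /index.html HTTP/1.1",
        "CCM_POST /path HTTP/1.1",
        "BITS_POST /path HTTP/1.1",
        "M-SEARCH * HTTP/1.1",
        "<html> not a request",
        "\x16\x03\x01\x02 binary data",
    };
    for (const char* s : samples)
        std::printf("%-12s %s\n", label(classify_method(s)), s);
    return 0;
}
```

Methods that land in the token-only class are the ones a letters-only parser stops treating as HTTP, which is where the CCM_POST and BITS_POST traffic mentioned above would fall.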
From: vallentin at icir.org (Matthias Vallentin) Date: Thu, 6 Dec 2012 19:31:26 -1000 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/matthias/opaque: Implement equivalence relation for opaque types. (2494940) In-Reply-To: <6C462580-33CE-44CE-9656-3BDEF3B2D7EF@icir.org> References: <201212060458.qB64w1WP016881@bro-ids.icir.org> <6C462580-33CE-44CE-9656-3BDEF3B2D7EF@icir.org> Message-ID: > When we implement opaque types, shouldn't we be able to supply an equivalency testing function? Just comparing the types seems of limited use. I'm not sure if I understand what you mean exactly. This is only for types, not for values: an opaque of T is equivalent to an opaque of U if and only if T == U. The opaque types carry a name string with them, e.g., "md5," or "hyper-log-log," which translates T == U into name(T) == name(U). Maybe you're more concerned about the values? I haven't implemented that part yet. Matthias From noreply at bro-ids.org Fri Dec 7 00:00:08 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 7 Dec 2012 00:00:08 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212070800.qB7808kb020087@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broctl | ba8b78e | Daniel Thayer | 2012-12-06 | Update documentation for recent MailFrom change [1] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/ba8b78e823a3b5b3130ea040d2f533a6b9fe16b6/broctl From robin at icir.org Fri Dec 7 09:43:33 2012 
From: robin at icir.org (Robin Sommer) Date: Fri, 7 Dec 2012 09:43:33 -0800 Subject: [Bro-Dev] [Bro-Commits-Internal] UnitTests - Build # 547 - Failure! In-Reply-To: <906262686.1.1354756821478.JavaMail.jenkins@brotestbed.ncsa.illinois.edu> References: <906262686.1.1354756821478.JavaMail.jenkins@brotestbed.ncsa.illinois.edu> Message-ID: <20121207174332.GA21097@icir.org> Actually I see this occasionally here now as well (but not always). Could this be related to the recent when error handling changes in f7440375? Robin On Wed, Dec 05, 2012 at 19:20 -0600, jenkins at brotestbed.ncsa.illinois.edu wrote: > UnitTests - Build # 547 - Failure on node "Ubuntu_12.04_x86_64", git branch "$GIT_BRANCH" (${GIT_REVISION, length=12}). > core.dns-interpreter-exceptions ... failed > % 'TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out' failed unexpectedly (exit code 1) > % cat .diag > == File =============================== > 1300475167.096535 expression error in /home/jenkins/workspace/UnitTests/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 28: field value missing [p$ip] > 1300475167.096535 expression error in /home/jenkins/workspace/UnitTests/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 49: field value missing [p$ip] > timeout g(), F > timeout g(), T > timeout > g() done, no exception, T > == Diff =============================== > --- /tmp/test-diff.24178.out.baseline.tmp 2012-12-06 01:15:17.086767144 +0000 > +++ /tmp/test-diff.24178.out.tmp 2012-12-06 01:15:17.090767092 +0000 
> @@ -1,12 +1,6 @@ > 1300475167.096535 expression error in <...>/dns-interpreter-exceptions.bro, line 28: field value missing [p$ip] > 1300475167.096535 expression error in <...>/dns-interpreter-exceptions.bro, line 49: field value missing [p$ip] > -1300475168.902195 expression error in <...>/dns-interpreter-exceptions.bro, line 39: field value missing [p$ip] > -1300475168.902195 expression error in <...>/dns-interpreter-exceptions.bro, line 12: field value missing [p$ip] > timeout g(), F > timeout g(), T > timeout > g() done, no exception, T > -localhost resolved > -localhost resolved from f(), T > -localhost resolved from f(), F > -f() done, no exception, T > ======================================= -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Fri Dec 7 10:22:08 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Dec 2012 18:22:08 -0000 Subject: [Bro-Dev] #779: missing values cause bro to crash when used inside of a 'when' statement. In-Reply-To: <048.d7eccddacf988dcfe011e1dac3c48b28@tracker.bro-ids.org> References: <048.d7eccddacf988dcfe011e1dac3c48b28@tracker.bro-ids.org> Message-ID: <063.35d32f037f13fce9ccb4ed5f3952827c@tracker.bro-ids.org> #779: missing values cause bro to crash when used inside of a 'when' statement. -----------------------------+--------------------------------------- Reporter: justin | Owner: Type: Problem | Status: closed Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: when InterpreterException -----------------------------+--------------------------------------- Changes (by jsiwek): * status: new => closed * resolution: => Solved/Applied Comment: Fix is in git/master now. -- Ticket URL: Bro Tracker Bro Issue Tracker From jsiwek at illinois.edu Fri Dec 7 10:40:31 2012 
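Review bot: in the `@@ -1,12 +1,6 @@` hunk of the core.dns-interpreter-exceptions diff above, every missing line belongs to the later part of the run: the two expression errors stamped 1300475168.902195 and the four "localhost resolved" / f() lines, while the errors stamped 1300475167.096535 and all of the g() timeout output are present. The baseline therefore depends on the localhost lookup completing before the run ends. The test should either hold the process open until those when blocks have fired, or be split so that the timeout path and the resolved path are checked against separate baselines.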
From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Fri, 7 Dec 2012 18:40:31 +0000 Subject: [Bro-Dev] [Bro-Commits-Internal] UnitTests - Build # 547 - Failure! In-Reply-To: <20121207174332.GA21097@icir.org> References: <906262686.1.1354756821478.JavaMail.jenkins@brotestbed.ncsa.illinois.edu> <20121207174332.GA21097@icir.org> Message-ID: It's definitely related to that change because it's the associated test I made to try to specifically exercise the Trigger code. I've seen it a couple times, too. It's probably just a reliability issue with the test that I need to figure out -- I think Bro decides it's done when no more packets are available, but there's still pending Triggers that the test needs to have execute for it to pass. Jon On Dec 7, 2012, at 11:43 AM, Robin Sommer wrote: > Actually I see this occasionally here now as well (but not always). > Could this be related to the recent when error handling changes in > f7440375? > > Robin > > On Wed, Dec 05, 2012 at 19:20 -0600, jenkins at brotestbed.ncsa.illinois.edu wrote: > >> UnitTests - Build # 547 - Failure on node "Ubuntu_12.04_x86_64", git branch "$GIT_BRANCH" (${GIT_REVISION, length=12}). > >> core.dns-interpreter-exceptions ... 
failed >> % 'TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out' failed unexpectedly (exit code 1) >> % cat .diag >> == File =============================== >> 1300475167.096535 expression error in /home/jenkins/workspace/UnitTests/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 28: field value missing [p$ip] >> 1300475167.096535 expression error in /home/jenkins/workspace/UnitTests/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 49: field value missing [p$ip] >> timeout g(), F >> timeout g(), T >> timeout >> g() done, no exception, T >> == Diff =============================== >> --- /tmp/test-diff.24178.out.baseline.tmp 2012-12-06 01:15:17.086767144 +0000 >> +++ /tmp/test-diff.24178.out.tmp 2012-12-06 01:15:17.090767092 +0000 >> @@ -1,12 +1,6 @@ >> 1300475167.096535 expression error in <...>/dns-interpreter-exceptions.bro, line 28: field value missing [p$ip] >> 1300475167.096535 expression error in <...>/dns-interpreter-exceptions.bro, line 49: field value missing [p$ip] >> -1300475168.902195 expression error in <...>/dns-interpreter-exceptions.bro, line 39: field value missing [p$ip] >> -1300475168.902195 expression error in <...>/dns-interpreter-exceptions.bro, line 12: field value missing [p$ip] >> timeout g(), F >> timeout g(), T >> timeout >> g() done, no exception, T >> -localhost resolved >> -localhost resolved from f(), T >> -localhost resolved from f(), F >> -f() done, no exception, T >> ======================================= > > -- > Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org > ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org > _______________________________________________ > bro-dev mailing list > bro-dev at bro-ids.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > From bro at tracker.bro-ids.org Fri Dec 7 10:48:30 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Dec 2012 18:48:30 -0000 Subject: [Bro-Dev] #690: GTP de-tunneling In-Reply-To: <047.bf6216f5c5ffabe44fd63ab9aa939d04@tracker.bro-ids.org> References: <047.bf6216f5c5ffabe44fd63ab9aa939d04@tracker.bro-ids.org> Message-ID: <062.72fa7aa2b7d4a76f4bcd3f5968e2409f@tracker.bro-ids.org> #690: GTP de-tunneling ----------------------------+------------------------ Reporter: robin | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * milestone: 2.1 => Bro2.2 Comment: Let's see if this registers the merge request now... -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Dec 7 10:55:44 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Dec 2012 18:55:44 -0000 Subject: [Bro-Dev] #895: Use of &redef attribute at inappropriate times In-Reply-To: <046.90467779e2f646ebf3d9faac3e1d48cc@tracker.bro-ids.org> References: <046.90467779e2f646ebf3d9faac3e1d48cc@tracker.bro-ids.org> Message-ID: <061.61ad334eb5db81f4730492d774b13ca2@tracker.bro-ids.org> #895: Use of &redef attribute at inappropriate times ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Invalid | Keywords: ----------------------+------------------------ Changes (by jsiwek): * status: new => closed * resolution: => Invalid -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Dec 8 00:00:07 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 8 Dec 2012 00:00:07 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212080800.qB88071M015888@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 690 [1] | robin | jsiwek | Normal | GTP de-tunneling > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broctl | ba8b78e | Daniel Thayer | 2012-12-06 | Update documentation for recent MailFrom change [2] [1] #690: http://tracker.bro-ids.org/bro/ticket/690 [2] fastpath: http://tracker.bro-ids.org/bro/changeset/ba8b78e823a3b5b3130ea040d2f533a6b9fe16b6/broctl From noreply at bro-ids.org Sun Dec 9 00:00:09 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 9 Dec 2012 00:00:09 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212090800.qB9809Wd003970@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 690 [1] | robin | jsiwek | Normal | GTP de-tunneling [1] #690: http://tracker.bro-ids.org/bro/ticket/690 From vladg at cmu.edu Sun Dec 9 07:05:17 2012 
From: vladg at cmu.edu (Vlad Grigorescu) Date: Sun, 9 Dec 2012 15:05:17 +0000 Subject: [Bro-Dev] On the topic of MailTo/MailAlarmsTo... Message-ID: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> Similar to what Tyler was doing in #841, we're currently sending e-mails to MailTo into a ticket system. Crash reports are also being sent there, which doesn't really make sense. I don't want to overcomplicate things, but I'm wondering if it makes sense to add a third mail option, for system errors (crash reports, MinDiskSpace, etc.). We have an Incident Response team, who are in charge of handling the notices, and an engineering team, which actually updates the Bro config, and does any sysadmin work, so for us it'd be really useful to have that split. Thoughts? Does this seem like a reasonable change? --Vlad From bro at tracker.bro-ids.org Sun Dec 9 16:24:47 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 10 Dec 2012 00:24:47 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes Message-ID: <052.4d4d3c43d26592dc032ec642c4c68f20@tracker.bro-ids.org> #920: Have broctl return useful exit codes ------------------------+------------------------ Reporter: grigorescu | Type: Patch Status: new | Priority: Normal Milestone: Bro2.2 | Component: BroControl Version: git/master | Keywords: ------------------------+------------------------ I've got a broctl branch here: https://github.com/grigorescu/broctl which aims to have it return a 0 or 1 exit code for most execution paths. My dive down this particular rabbit hole started when I wanted to have status return a non-zero exit code if a node had failed, but I tried to cover everything else while I was at it. If someone could double-check it, to make sure that I didn't miss anything, it'd be much appreciated. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Mon Dec 10 00:00:11 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 10 Dec 2012 00:00:11 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212100800.qBA80Bgd021794@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 690 [1] | robin | jsiwek | Normal | GTP de-tunneling [1] #690: http://tracker.bro-ids.org/bro/ticket/690 From bro at tracker.bro-ids.org Mon Dec 10 08:38:19 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 10 Dec 2012 16:38:19 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <052.4d4d3c43d26592dc032ec642c4c68f20@tracker.bro-ids.org> References: <052.4d4d3c43d26592dc032ec642c4c68f20@tracker.bro-ids.org> Message-ID: <067.6fbe0488354845a6a8071153fba72148@tracker.bro-ids.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: Type: Patch | Status: new Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by robin): Haven't looked at the code yet but I'm wondering about the right semantics for a non-zero code. Intuitively I'd expect non-zero if the command had seriously failed but it's a bit fuzzy when a command succeeded vs. failed; if {{{start}}} started up the whole cluster except for one node which is currently down, is that a failure? What semantics is the patch currently using? Plugins have the {{{hostStatusChanged}}} method. Would that help as an alternative? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Dec 10 09:51:36 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 10 Dec 2012 17:51:36 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <052.4d4d3c43d26592dc032ec642c4c68f20@tracker.bro-ids.org> References: <052.4d4d3c43d26592dc032ec642c4c68f20@tracker.bro-ids.org> Message-ID: <067.8afba3ca17d446c7be902d0539032bdb@tracker.bro-ids.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: Type: Patch | Status: new Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by grigorescu): Replying to [comment:1 robin]: > Haven't looked at the code yet but I'm wondering about the right semantics for a non-zero code. Intuitively I'd expect non-zero if the command had seriously failed but it's a bit fuzzy when a command succeeded vs. failed; if {{{start}}} started up the whole cluster except for one node which is currently down, is that a failure? What semantics is the patch currently using? To me, the interpretation of the exit code for broctl is "was the result of the command what the documentation says *should have* happened?" So, for the case you listed, when I run start, I expect Bro to start all the nodes. If one of the nodes didn't start, the command didn't execute as expected. The one exception for this is status - based on the above definition, the exit code should only signify whether or not broctl was able to determine the status of all the nodes. However, I think it makes sense to keep status in line with most status commands, that return 0 if everything is ok, and 1 otherwise. My incentive for writing this was to create a Puppet module for Bro. All that really needs is for status to return the proper exit code. If that seems like a reasonable change, I can make a commit just for status, until the rest of the commands can be further discussed. 
> Plugins have the {{{hostStatusChanged}}} method. Would that help as an alternative? That only seems to reflect the availability of a system, and doesn't tell you anything about the status of the nodes running on that system. I don't think that's quite what I'm looking for. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Mon Dec 10 12:35:17 2012 From: robin at icir.org (Robin Sommer) Date: Mon, 10 Dec 2012 12:35:17 -0800 Subject: [Bro-Dev] On the topic of MailTo/MailAlarmsTo... In-Reply-To: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> References: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> Message-ID: <20121210203517.GS66949@icir.org> On Sun, Dec 09, 2012 at 15:05 +0000, you wrote: > e-mails to MailTo into a ticket system. Crash reports are also being > sent there, which doesn't really make sense. That sounds like crash reports are sent to the wrong place. We have two options for mails: Option("MailTo", "", "string", Option.USER, True, "Destination address for non-alarm mails."), Option("MailAlarmsTo", "${MailTo}", "string", Option.USER, True, "Destination address for alarm summary mails. Default is to use the same address as MailTo."), I believe the original intention was to use MailAlarmsTo for everything to the IR team, and MailTo for all the administrative stuff. Doesn't sound like that's still the case anymore but maybe something we should go back to? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Mon Dec 10 20:29:31 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 04:29:31 -0000 Subject: [Bro-Dev] #690: GTP de-tunneling In-Reply-To: <047.bf6216f5c5ffabe44fd63ab9aa939d04@tracker.bro-ids.org> References: <047.bf6216f5c5ffabe44fd63ab9aa939d04@tracker.bro-ids.org> Message-ID: <062.a1757553936b6cc4dad300d05920d0e0@tracker.bro-ids.org> #690: GTP de-tunneling ----------------------------+------------------------ Reporter: robin | Owner: jsiwek Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: assigned => closed * resolution: => fixed Comment: In [b867333c2e4bf615b193ee49a4cda393ece108b0/bro]: {{{ #!CommitTicketReference repository="bro" revision="b867333c2e4bf615b193ee49a4cda393ece108b0" Merge remote-tracking branch 'origin/topic/jsiwek/gtp' * origin/topic/jsiwek/gtp: Change binpac exceptions in AYIYA/GTP analyzers to do protocol_violation Add GTP tunnel analyzer memory leak unit test. Add GPRS Tunnelling Protocol (GTPv1) decapsulation. Closes #690. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Tue Dec 11 00:00:07 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 11 Dec 2012 00:00:07 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212110800.qBB807d1008466@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | cb7fd7c | Daniel Thayer | 2012-12-10 | Remove unused attributes [1] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/cb7fd7c87cc67cd66f3a2b98540ed4e53cc49bbb/bro From bro at tracker.bro-ids.org Tue Dec 11 12:03:56 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 20:03:56 -0000 Subject: [Bro-Dev] #248: Attribute propagation In-Reply-To: <050.3cfaa2c2668c1378248534dbf47aab09@tracker.bro-ids.org> References: <050.3cfaa2c2668c1378248534dbf47aab09@tracker.bro-ids.org> Message-ID: <065.d85ce9cea674d6b56de9e3a2a1cba6db@tracker.bro-ids.org> #248: Attribute propagation -----------------------+------------------- Reporter: matthias | Owner: Type: defect | Status: new Priority: Normal | Milestone: Component: Bro | Version: 1.5.1 Resolution: | Keywords: -----------------------+------------------- Comment (by jsiwek): In [784adf3f6ba781f0ade427d8f7177c540d8f7100/bro]: {{{ #!CommitTicketReference repository="bro" revision="784adf3f6ba781f0ade427d8f7177c540d8f7100" Fixes to attribute propagation issues for variables and types. - A type declaration w/ attributes will propagate them to local and global variable declarations that use the type. Addresses #248. - A local or global variable declared with attributes will propagate them to values that are later assigned to it. Addresses #151, #67, #474. Addresses #327 in that it should be a more consistent approach to attribute propagation than before: the rules are that they can migrate in one direction: type -> variable -> value. It also clears up the most common usage issue: the expectation that attributes in a local or global variable declaration apply to the identifier in that declaration such that later values assigned to it are subjected to those attributes. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 12:03:58 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 20:03:58 -0000 Subject: [Bro-Dev] #327: Binding attributes to values/variables In-Reply-To: <047.09785405b05ea472690e9a544c78a166@tracker.bro-ids.org> References: <047.09785405b05ea472690e9a544c78a166@tracker.bro-ids.org> Message-ID: <062.886e77a5ca35051b86329ecca3f341ba@tracker.bro-ids.org> #327: Binding attributes to values/variables ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [784adf3f6ba781f0ade427d8f7177c540d8f7100/bro]: {{{ #!CommitTicketReference repository="bro" revision="784adf3f6ba781f0ade427d8f7177c540d8f7100" Fixes to attribute propagation issues for variables and types. - A type declaration w/ attributes will propagate them to local and global variable declarations that use the type. Addresses #248. - A local or global variable declared with attributes will propagate them to values that are later assigned to it. Addresses #151, #67, #474. Addresses #327 in that it should be a more consistent approach to attribute propagation than before: the rules are that they can migrate in one direction: type -> variable -> value. It also clears up the most common usage issue: the expectation that attributes in a local or global variable declaration apply to the identifier in that declaration such that later values assigned to it are subjected to those attributes. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 12:03:59 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 20:03:59 -0000 Subject: [Bro-Dev] #474: &raw_output turns null values into \0 In-Reply-To: <046.21443edb25709a7dff08ac2dadf6c6e0@tracker.bro-ids.org> References: <046.21443edb25709a7dff08ac2dadf6c6e0@tracker.bro-ids.org> Message-ID: <061.ce2c27c6c8ec91812e5830d38f44268d@tracker.bro-ids.org> #474: &raw_output turns null values into \0 ----------------------+------------------------ Reporter: seth | Owner: jsiwek Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: preview ----------------------+------------------------ Comment (by jsiwek): In [784adf3f6ba781f0ade427d8f7177c540d8f7100/bro]: {{{ #!CommitTicketReference repository="bro" revision="784adf3f6ba781f0ade427d8f7177c540d8f7100" Fixes to attribute propagation issues for variables and types. - A type declaration w/ attributes will propagate them to local and global variable declarations that use the type. Addresses #248. - A local or global variable declared with attributes will propagate them to values that are later assigned to it. Addresses #151, #67, #474. Addresses #327 in that it should be a more consistent approach to attribute propagation than before: the rules are that they can migrate in one direction: type -> variable -> value. It also clears up the most common usage issue: the expectation that attributes in a local or global variable declaration apply to the identifier in that declaration such that later values assigned to it are subjected to those attributes. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 12:04:00 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 20:04:00 -0000 Subject: [Bro-Dev] #67: Grammar ambiguity with "local" for introducing "when" variables In-Reply-To: <046.08c93151b80de17c362e9daeff9fdcf9@tracker.bro-ids.org> References: <046.08c93151b80de17c362e9daeff9fdcf9@tracker.bro-ids.org> Message-ID: <061.51fdece8534bcba2582dc48812634d64@tracker.bro-ids.org> #67: Grammar ambiguity with "local" for introducing "when" variables ----------------------+------------------ Reporter: vern | Owner: Type: Problem | Status: seen Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: ----------------------+------------------ Comment (by jsiwek): In [784adf3f6ba781f0ade427d8f7177c540d8f7100/bro]: {{{ #!CommitTicketReference repository="bro" revision="784adf3f6ba781f0ade427d8f7177c540d8f7100" Fixes to attribute propagation issues for variables and types. - A type declaration w/ attributes will propagate them to local and global variable declarations that use the type. Addresses #248. - A local or global variable declared with attributes will propagate them to values that are later assigned to it. Addresses #151, #67, #474. Addresses #327 in that it should be a more consistent approach to attribute propagation than before: the rules are that they can migrate in one direction: type -> variable -> value. It also clears up the most common usage issue: the expectation that attributes in a local or global variable declaration apply to the identifier in that declaration such that later values assigned to it are subjected to those attributes. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 12:04:00 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 20:04:00 -0000 Subject: [Bro-Dev] #151: &raw_output doesn't propagate In-Reply-To: <046.722d0d775ea264ee74fda4ab9c7331ee@tracker.bro-ids.org> References: <046.722d0d775ea264ee74fda4ab9c7331ee@tracker.bro-ids.org> Message-ID: <061.332ba65f17e5b6b3d33869eb501825f4@tracker.bro-ids.org> #151: &raw_output doesn't propagate ----------------------+------------------ Reporter: vern | Owner: Type: Problem | Status: seen Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: ----------------------+------------------ Comment (by jsiwek): In [784adf3f6ba781f0ade427d8f7177c540d8f7100/bro]: {{{ #!CommitTicketReference repository="bro" revision="784adf3f6ba781f0ade427d8f7177c540d8f7100" Fixes to attribute propagation issues for variables and types. - A type declaration w/ attributes will propagate them to local and global variable declarations that use the type. Addresses #248. - A local or global variable declared with attributes will propagate them to values that are later assigned to it. Addresses #151, #67, #474. Addresses #327 in that it should be a more consistent approach to attribute propagation than before: the rules are that they can migrate in one direction: type -> variable -> value. It also clears up the most common usage issue: the expectation that attributes in a local or global variable declaration apply to the identifier in that declaration such that later values assigned to it are subjected to those attributes. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 13:34:35 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 21:34:35 -0000 Subject: [Bro-Dev] #327: Binding attributes to values/variables In-Reply-To: <047.09785405b05ea472690e9a544c78a166@tracker.bro-ids.org> References: <047.09785405b05ea472690e9a544c78a166@tracker.bro-ids.org> Message-ID: <062.10c28ed10af80cf8304a5c532896daa3@tracker.bro-ids.org> #327: Binding attributes to values/variables ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): Replying to [comment:1 robin]: > To clarify, the attached thread does not necessarily reflect a > resolution we fully converged on. We will need to rediscuss the > right approach before tackling this. Feel like discussing more? > From Vern: > > In abstract terms, we need to marry two notions: per-variable > attributes (those introduced when defining the variable) and > per-value attributes (those introduced when creating a value). > These both exist under-the-hood, but the rules for propagating > them are ad hoc. My description of it would be that the contexts in which attributes are used are ad hoc while the propagation rules for most contexts are just mostly non-existing. Specifically for the context of local/global variable declarations, the only propagation that occurred was at init/parse time when the declaration also included an initialization. This seems to cause the most confusion for people as they expect values assigned to such a variable at run time to inherit the attributes. I did some changes in `topic/jsiwek/attr-propogation` (sic) that I think fixes the propagation expectations for this context with the rules being that attributes in declarations will propagate in the "type -> variable -> value" direction for values assigned at either init-time or run-time. 
Some of the other contexts that use attributes don't have such a clear propagation expectation (record fields are currently ambiguous and function/events don't seem to require any propagation technique). So I think if there were a strong need to be able to apply attributes specifically to a value, those cases should be approached by adding the new "add ;" statement or with BIFs. > That said, I'm not really sure what this should ideally look like. > Intuitively, I'd actually say attributes belong to values, not > variables, because transfer-on-assignment can lead to subtle effects > (values are passed around, and what if the receiving function > happens to assign the value to the wrong variable? Also what if you > assign a value with attribute X to a variable without X; shouldn't > the value then be *deleted* for consistency reasons?). I would think of it as values being able to inherit attributes from variables with the variable's attributes taking precedence over a value's in case of conflict. But that doesn't preclude a value from being able to own separate attributes. > A declaration such as > > const foo = F &redef; > > can be interpreted as "we can rebind foo if its current value has > the &redef attribute". > > I haven't thought this through actually but I guess my question is > whether we need per-variable attributes at all? There's the cases where a "variable" may not have a value yet (table types are an exception to this). The way around that would be the dynamic attribute application methods mentioned before (a BIF or "add ;" statement) and then probably get rid of attributes in variable declarations completely because otherwise you still would need the variable identifier to hold on to attributes until the first value assignment. That approach seems a little inconvenient/cumbersome. There's also record field attributes which apply more to the field itself and not the value assigned to it. 
So do you think that my branch would be worth merging on the grounds that it aligns local/global variable attribute propagation with people's expectation, but it doesn't claim to unify attributes to a single usage context (maybe it's too late for that)? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 11 14:38:50 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Dec 2012 22:38:50 -0000 Subject: [Bro-Dev] #921: topic/dnthayer/mail-conn-summary Message-ID: <050.2a6fca93a15e56fc0cb8a7b5cd320e48@tracker.bro-ids.org> #921: topic/dnthayer/mail-conn-summary ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | ---------------------------+------------------------ This branch adds a new broctl option "MailConnectionSummary" that specifies whether or not to mail the connection summary reports. Assuming that the trace-summary script is available, then connection summary reports will be generated and archived (along with all the other log files) regardless of the setting of this option (i.e., this option only affects whether the connection summaries are mailed or not). -- Ticket URL: Bro Tracker Bro Issue Tracker From vladg at cmu.edu Tue Dec 11 16:18:31 2012 
From: vladg at cmu.edu (Vlad Grigorescu) Date: Wed, 12 Dec 2012 00:18:31 +0000 Subject: [Bro-Dev] On the topic of MailTo/MailAlarmsTo... In-Reply-To: <20121210203517.GS66949@icir.org> References: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> <20121210203517.GS66949@icir.org> Message-ID: <1202BE242E080642B0CD0AD0A03E8552724453@PGH-MSGMB-03.andrew.ad.cmu.edu> On Dec 10, 2012, at 3:35 PM, Robin Sommer wrote: > I believe the original intention was to use MailAlarmsTo for > everything to the IR team, and MailTo for all the administrative stuff. > Doesn't sound like that's still the case anymore but maybe something > we should go back to? Interesting. So currently, the setup is: - Bro Notice::ACTION_EMAIL -> MailTo - Bro Notice::ACTION_ALARM -> MailAlarmsTo (only sent as summaries) - broctl summarize-connections -> MailTo - broctl crash reports -> MailTo - broctl cron output -> MailTo So, that lines up pretty well with what you said, with the exception of ACTION_EMAIL. I think most setups will want those going to the IR team AKA MailAlarmsTo. But then we're back in the situation where alarm summaries and notice e-mails go to the same place, which is annoying if that place is a ticket system. (That was changed in #814, not #841 as I previously said). What I initially did was create another action ("ACTION_EMAIL_IR"), but that doesn't work well with extend-email/hostnames, which exits if the action isn't ACTION_EMAIL. --Vlad From noreply at bro-ids.org Wed Dec 12 00:00:07 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 12 Dec 2012 00:00:07 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212120800.qBC807mN013031@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 921 [1] | dnthayer | | Normal | topic/dnthayer/mail-conn-summary [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 43ed437 | Jon Siwek | 2012-12-11 | Trick for parallelizing input framework unit tests. [3] bro | aff5898 | Jon Siwek | 2012-12-11 | Maybe fix reliability of a unit test that relies on when statements. [4] bro | cb7fd7c | Daniel Thayer | 2012-12-10 | Remove unused attributes [5] [1] #921: http://tracker.bro-ids.org/bro/ticket/921 [2] mail-conn-summary: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/mail-conn-summary [3] fastpath: http://tracker.bro-ids.org/bro/changeset/43ed437daabb4575549e82f53881980353905242/bro [4] fastpath: http://tracker.bro-ids.org/bro/changeset/aff58984422814c98b89c4d2036b34acd1119602/bro [5] fastpath: http://tracker.bro-ids.org/bro/changeset/cb7fd7c87cc67cd66f3a2b98540ed4e53cc49bbb/bro From bro at tracker.bro-ids.org Wed Dec 12 13:09:31 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Dec 2012 21:09:31 -0000 Subject: [Bro-Dev] #660: Initializing a table with a record as an index does not work In-Reply-To: <048.67b15571cb4de0bd789177060fea4dc2@tracker.bro-ids.org> References: <048.67b15571cb4de0bd789177060fea4dc2@tracker.bro-ids.org> Message-ID: <063.bb6d48cba0a7a9063ef1ccd8540d1d72@tracker.bro-ids.org> #660: Initializing a table with a record as an index does not work ----------------------+---------------------- Reporter: amannb | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: language ----------------------+---------------------- Comment (by jsiwek): In [f6d5da423cccc5585d191a3d48745977659eca79/bro]: {{{ #!CommitTicketReference repository="bro" revision="f6d5da423cccc5585d191a3d48745977659eca79" Fix record constructors in table initializer indices. Addresses #660. For an index expression list, ListExpr::InitVal() passed the TypeList to Expr::InitVal() for each expression element in the list instead of the type for that element. This made RecordConstructorExpr::InitVal() complain since it expects a RecordType and not a TypeList with a RecordType element as an argument. In most other cases, Expr::InitVal() worked because check_and_promote() "flattens" the list to a single type. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Dec 12 13:10:58 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Dec 2012 21:10:58 -0000 Subject: [Bro-Dev] #660: Initializing a table with a record as an index does not work In-Reply-To: <048.67b15571cb4de0bd789177060fea4dc2@tracker.bro-ids.org> References: <048.67b15571cb4de0bd789177060fea4dc2@tracker.bro-ids.org> Message-ID: <063.a5cf19bcf8acccb36fd2cdd767db94c4@tracker.bro-ids.org> #660: Initializing a table with a record as an index does not work ----------------------------+---------------------- Reporter: amannb | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: language ----------------------------+---------------------- Changes (by jsiwek): * type: Problem => Merge Request Comment: Fix in `topic/jsiwek/table-init-record-idx`. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Dec 12 14:39:55 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Dec 2012 22:39:55 -0000 Subject: [Bro-Dev] #922: const local variables aren't constant Message-ID: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> #922: const local variables aren't constant ---------------------+------------------------ Reporter: vern | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ This Bro script happily prints "6":
{{{
event bro_init()
    {
    const foo = 5;
    ++foo;
    print foo;
    }
}}}
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Dec 12 14:51:58 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Dec 2012 22:51:58 -0000 Subject: [Bro-Dev] #921: topic/dnthayer/mail-conn-summary In-Reply-To: <050.2a6fca93a15e56fc0cb8a7b5cd320e48@tracker.bro-ids.org> References: <050.2a6fca93a15e56fc0cb8a7b5cd320e48@tracker.bro-ids.org> Message-ID: <065.066d7c918da127e8a0f2e30db462687f@tracker.bro-ids.org> #921: topic/dnthayer/mail-conn-summary ----------------------------+------------------------ Reporter: dnthayer | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [f4d6a2af15404dc1349d12d2ad21a3eebcb2ff1e/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="f4d6a2af15404dc1349d12d2ad21a3eebcb2ff1e" Merge remote-tracking branch 'origin/topic/dnthayer/mail-conn-summary' * origin/topic/dnthayer/mail-conn-summary: Add broctl option for conn. summary emails Closes #921. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Wed Dec 12 19:20:49 2012 
From: robin at icir.org (Robin Sommer) Date: Wed, 12 Dec 2012 19:20:49 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <201212122305.qBCN539N029415@bro-ids.icir.org> References: <201212122305.qBCN539N029415@bro-ids.icir.org> Message-ID: <20121213032049.GE20042@icir.org> On Wed, Dec 12, 2012 at 15:05 -0800, you wrote: > When rebuilding just to change the install prefix, now only two > files need to be recompiled, instead of 56 files. This is good. However, I'm still wondering if an environment variable isn't the better approach. We'd set something like BROCTL_INSTALL_PREFIX and then broctl uses that instead of the configure-time prefix. The advantage is that one can run the test-suite without messing with the Bro configuration (and hence don't need another configure next time before doing "real" make install). Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From noreply at bro-ids.org Thu Dec 13 00:00:06 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 13 Dec 2012 00:00:06 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212130800.qBD8062A014193@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broccoli | 74cbf83 | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [1] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli From bro at tracker.bro-ids.org Thu Dec 13 13:13:14 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 13 Dec 2012 21:13:14 -0000 Subject: [Bro-Dev] #922: const local variables aren't constant In-Reply-To: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> References: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> Message-ID: <061.990672f2fca79f9a6a5ca770ace7cc6c@tracker.bro-ids.org> #922: const local variables aren't constant ----------------------+------------------------ Reporter: vern | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [290c2a0b4df2db38ade684cf386a5c9b6b271d9e/bro]: {{{ #!CommitTicketReference repository="bro" revision="290c2a0b4df2db38ade684cf386a5c9b6b271d9e" Make const variables actually constant. Addresses #922. Both local and global variables declared with "const" could be modified, but now expressions that would modify them should generate an error message at parse-time. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 13 13:15:04 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 13 Dec 2012 21:15:04 -0000 Subject: [Bro-Dev] #922: const local variables aren't constant In-Reply-To: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> References: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> Message-ID: <061.1ba77d9d3d47226e1767cea97a81cd85@tracker.bro-ids.org> #922: const local variables aren't constant ----------------------------+------------------------ Reporter: vern | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Problem => Merge Request Comment: Patched in `topic/jsiwek/const`. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 13 20:16:36 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 04:16:36 -0000 Subject: [Bro-Dev] #923: Parse Error Missing in Record/Type Confusion Message-ID: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> #923: Parse Error Missing in Record/Type Confusion ------------------------+--------------------- Reporter: grigorescu | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- The following code:
{{{
type test_record: record {
    my_string: string;
};

function test(s: test_record)
    {
    print test_record$my_string;
    }

event bro_init()
    {
    test([$my_string="Hello"]);
    }
}}}
causes a reporter error: {{{fatal error in : Val::CONVERTER (type/record) ()}}}. Note that function test is attempting to access test_record$my_string (where test_record is a type) as opposed to s$my_string (where s is an instance of test_record). This is a message that I've seen before, and had a very hard time debugging. It seems like this should generate a parse error, or at the very least, report the location. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 13 20:31:15 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 04:31:15 -0000 Subject: [Bro-Dev] #924: String BIFs Return 1-indexed string_arrays Message-ID: <052.e2217e6743a43bf4843adf6be0572c2d@tracker.bro-ids.org> #924: String BIFs Return 1-indexed string_arrays ------------------------+--------------------- Reporter: grigorescu | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- The following BIFs return 1-indexed string_arrays: * sort_string_array * split * split1 * split_all * split_n -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Dec 14 00:00:05 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 14 Dec 2012 00:00:05 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212140800.qBE805to005285@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 922 [1] | vern | | Normal | const local variables aren't constant > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 524e15f | Bernhard Amann | 2012-12-13 | Fix memory leak in ascii input reader. [2] bro | 3c27267 | Seth Hall | 2012-12-13 | Improvements for the "bad checksums" detector to make it detect bad TCP checksums. [3] bro | 0cf98ac | Seth Hall | 2012-12-13 | Improved file name extraction for SMTP when file name is included in Content-Type header. [4] broccoli | 1c0fa4b | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [5] broccoli | 74cbf83 | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [6] [1] #922: http://tracker.bro-ids.org/bro/ticket/922 [2] fastpath: http://tracker.bro-ids.org/bro/changeset/524e15f2c5d49e8a3883e83f01078487c289cacd/bro [3] fastpath: http://tracker.bro-ids.org/bro/changeset/3c27267223bbd3f6c9910ef20acb9ce0e42cfacb/bro [4] fastpath: http://tracker.bro-ids.org/bro/changeset/0cf98ac3259d503f479460b721833d43095d216b/bro [5] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli [6] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli From bro at tracker.bro-ids.org Fri Dec 14 10:56:46 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 18:56:46 -0000 Subject: [Bro-Dev] #925: Requesting merge of opaque branch Message-ID: <050.837caafda854f2426ed182576a7a948e@tracker.bro-ids.org> #925: Requesting merge of opaque branch ---------------------------+------------------------ Reporter: matthias | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ The branch topic/matthias/opaque contains the implementation of the new opaque type. The following types no longer use an internal `index:any` type but instead a type-safe abstraction via `opaque of T`: - md5 - sha1 - sha256 - entropy Moreover, all these new types are serializable and can be sent over the network. E.g., one node can start the incremental hash/entropy computation, send the opaque type to another node where it finishes. All tests pass locally and on Jenkins (minus two that also fail on master). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Dec 14 15:09:42 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 23:09:42 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.8a05432eb98cc648aace7353dcf89804@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by jsiwek): In [81ae68be16c919c4a662aed5d29cdca86e401b15/bro]: {{{ #!CommitTicketReference repository="bro" revision="81ae68be16c919c4a662aed5d29cdca86e401b15" Fix a case where c$resp$size is misrepresented. Addresses #730. That field is based on TCP sequence numbers and on seeing a SYN followed by a failed RST injection response, the initial sequence number tracked the value in the injection (most likely zero) instead of value in subsequent SYN response. This could make c$resp$size be set to large values when it's not really. Also removed some dead code paths. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Dec 14 15:12:28 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 23:12:28 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.67b4705746ad79d24a19a706252c02fc@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------------+-------------------- Reporter: seth | Owner: Type: Merge Request | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ----------------------------+-------------------- Changes (by jsiwek): * type: Problem => Merge Request Comment: Patch for at least the case in the large-byte-count1.trace example is in `topic/jsiwek/ticket-730`. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Dec 14 15:35:50 2012 
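The failure mode described in the commit message for ticket #730 above, as an added example that is not Bro's code and not part of the tracker comments: a simplified Python model of sequence-number-based size accounting, run over a constructed responder-side trace. The class and function names, the sample ISN and the payload sizes are assumptions made for illustration.

```python
"""Simplified model of TCP size accounting from sequence numbers.

Illustrative only: not Bro's implementation. All packets are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEQ_MOD = 1 << 32          # TCP sequence numbers are 32-bit and wrap
RESP_ISN = 0xC0FFEE00      # constructed responder initial sequence number


@dataclass
class Segment:
    flags: str             # e.g. "R", "SA", "PA", "FA"
    seq: int
    payload_len: int = 0


def seq_delta(start: int, end: int) -> int:
    """Distance from start to end in 32-bit sequence space."""
    return (end - start) % SEQ_MOD


class EndpointTracker:
    """Tracks one endpoint's sequence range.

    reanchor_on_syn=False models the behaviour the commit message describes
    as broken: the first segment seen fixes the start of the range.
    reanchor_on_syn=True models the described fix: a later SYN resets it.
    """

    def __init__(self, reanchor_on_syn: bool) -> None:
        self.reanchor_on_syn = reanchor_on_syn
        self.start_seq: Optional[int] = None
        self.last_seq: Optional[int] = None
        self.syn_seen = False
        self.fin_seen = False
        self.payload_seen = 0  # bytes actually observed, as a cross-check

    def observe(self, seg: Segment) -> None:
        is_syn = "S" in seg.flags
        is_fin = "F" in seg.flags
        if self.start_seq is None or (is_syn and self.reanchor_on_syn):
            self.start_seq = seg.seq
            self.last_seq = seg.seq
        self.syn_seen = self.syn_seen or is_syn
        self.fin_seen = self.fin_seen or is_fin
        self.payload_seen += seg.payload_len
        # SYN and FIN each consume one sequence number.
        end = (seg.seq + seg.payload_len + int(is_syn) + int(is_fin)) % SEQ_MOD
        if seq_delta(self.start_seq, end) >= seq_delta(self.start_seq, self.last_seq):
            self.last_seq = end

    def size(self) -> int:
        """Payload bytes implied by the sequence range."""
        if self.start_seq is None:
            return 0
        span = seq_delta(self.start_seq, self.last_seq)
        return span - int(self.syn_seen) - int(self.fin_seen)


def build_trace(isn: int) -> List[Segment]:
    """Constructed responder-side packets: a failed injected RST with
    sequence number zero, then the real SYN-ACK, 1460 bytes, and a FIN."""
    return [
        Segment("R", 0),
        Segment("SA", isn % SEQ_MOD),
        Segment("PA", (isn + 1) % SEQ_MOD, 1000),
        Segment("PA", (isn + 1001) % SEQ_MOD, 460),
        Segment("FA", (isn + 1461) % SEQ_MOD),
    ]


def responder_size(trace: List[Segment], reanchor_on_syn: bool) -> Tuple[int, int]:
    """Return (sequence-derived size, payload bytes observed)."""
    tracker = EndpointTracker(reanchor_on_syn)
    for seg in trace:
        tracker.observe(seg)
    return tracker.size(), tracker.payload_seen


if __name__ == "__main__":
    trace = build_trace(RESP_ISN)
    print("anchored on first segment:", responder_size(trace, False))
    print("re-anchored on SYN:       ", responder_size(trace, True))
```

A gap between the sequence-derived size and the bytes actually observed, as in the first case, is the symptom an analyst would see in connection logs; capture loss can also produce a gap, so the comparison is a hint rather than proof.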
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Dec 2012 23:35:50 -0000 Subject: [Bro-Dev] #922: const local variables aren't constant In-Reply-To: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> References: <046.5b0594fa2e290c13561f96a3b37c840c@tracker.bro-ids.org> Message-ID: <061.9e1a4b18c789b159ecbf35434b85a419@tracker.bro-ids.org> #922: const local variables aren't constant ----------------------------+------------------------ Reporter: vern | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [ea6b62f5868d9850c56e3ca5bde1a27e32196d1e/bro]: {{{ #!CommitTicketReference repository="bro" revision="ea6b62f5868d9850c56e3ca5bde1a27e32196d1e" Merge remote-tracking branch 'origin/topic/jsiwek/const' * origin/topic/jsiwek/const: Make const variables actually constant. Addresses #922. Closes #922. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Dec 15 00:00:07 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 15 Dec 2012 00:00:07 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212150800.qBF807sn008757@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 730 [1] | seth | | High | Find and fix tcp sequence counting bugs Bro | 925 [2] | matthias | | Normal | Requesting merge of opaque branch > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broccoli | 1c0fa4b | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [3] broccoli | 74cbf83 | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [4] [1] #730: http://tracker.bro-ids.org/bro/ticket/730 [2] #925: http://tracker.bro-ids.org/bro/ticket/925 [3] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli [4] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli From noreply at bro-ids.org Sun Dec 16 00:00:03 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 16 Dec 2012 00:00:03 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212160800.qBG803Nh007122@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 730 [1] | seth | | High | Find and fix tcp sequence counting bugs Bro | 925 [2] | matthias | | Normal | Requesting merge of opaque branch > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broccoli | 1c0fa4b | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [3] broccoli | 74cbf83 | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [4] [1] #730: http://tracker.bro-ids.org/bro/ticket/730 [2] #925: http://tracker.bro-ids.org/bro/ticket/925 [3] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli [4] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli From noreply at bro-ids.org Mon Dec 17 00:00:05 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 17 Dec 2012 00:00:05 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212170800.qBH805E7025870@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 730 [1] | seth | | High | Find and fix tcp sequence counting bugs Bro | 925 [2] | matthias | | Normal | Requesting merge of opaque branch > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broccoli | 1c0fa4b | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [3] broccoli | 74cbf83 | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [4] [1] #730: http://tracker.bro-ids.org/bro/ticket/730 [2] #925: http://tracker.bro-ids.org/bro/ticket/925 [3] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli [4] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli From slagell at illinois.edu Mon Dec 17 08:24:17 2012 
From: slagell at illinois.edu (Slagell, Adam J) Date: Mon, 17 Dec 2012 16:24:17 +0000 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <20121213032049.GE20042@icir.org> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> Message-ID: <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> On Dec 12, 2012, at 9:20 PM, Robin Sommer wrote: > > On Wed, Dec 12, 2012 at 15:05 -0800, you wrote: > >> When rebuilding just to change the install prefix, now only two >> files need to be recompiled, instead of 56 files. > > This is good. However, I'm still wondering if an environment variable > isn't the better approach. We'd set something like > BROCTL_INSTALL_PREFIX and then broctl uses that instead of the > configure-time prefix. The advantage is that one can run the > test-suite without messing with the Bro configuration (and hence don't > need another configure next time before doing "real" make install). I think this might be a nice to have feature to add later, but I would rather not spend too much time on this now, especially if Seth is talking about completely rewriting broctl. For now let's focus on getting a solid, working test infrastructure. Sound good? From robin at icir.org Mon Dec 17 12:43:36 2012 
From: robin at icir.org (Robin Sommer) Date: Mon, 17 Dec 2012 12:43:36 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> Message-ID: <20121217204336.GB85454@icir.org> On Mon, Dec 17, 2012 at 16:24 +0000, you wrote: > I think this might be a nice to have feature to add later, Well, seems that has already happened in the meantime? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From slagell at illinois.edu Mon Dec 17 12:45:54 2012 
From: slagell at illinois.edu (Slagell, Adam J) Date: Mon, 17 Dec 2012 20:45:54 +0000 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <20121217204336.GB85454@icir.org> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> <20121217204336.GB85454@icir.org> Message-ID: <558D23D33781EF45A69229CDAC6BF15110B74D7F@CITESMBX6.ad.uillinois.edu> On Dec 17, 2012, at 2:43 PM, Robin Sommer wrote: > > On Mon, Dec 17, 2012 at 16:24 +0000, you wrote: > >> I think this might be a nice to have feature to add later, > > Well, seems that has already happened in the meantime? There's still the additional configure I think. ------ Adam J. Slagell, CISO, CISSP Chief Information Security Officer National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.slagell.info 217.244.8965 "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." From dnthayer at illinois.edu Mon Dec 17 13:14:05 2012 
From: dnthayer at illinois.edu (Daniel Thayer) Date: Mon, 17 Dec 2012 15:14:05 -0600 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <558D23D33781EF45A69229CDAC6BF15110B74D7F@CITESMBX6.ad.uillinois.edu> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> <20121217204336.GB85454@icir.org> <558D23D33781EF45A69229CDAC6BF15110B74D7F@CITESMBX6.ad.uillinois.edu> Message-ID: <50CF8B1D.1020605@illinois.edu> On 12/17/2012 02:45 PM, Slagell, Adam J wrote: > > On Dec 17, 2012, at 2:43 PM, Robin Sommer > wrote: > >> >> On Mon, Dec 17, 2012 at 16:24 +0000, you wrote: >> >>> I think this might be a nice to have feature to add later, >> >> Well, seems that has already happened in the meantime? > > There's still the additional configure I think. > Upon initial "make" (or "make test"), it will run configure once in order to do a test install. If the user had previously run configure, then it will automatically do it again (before running any of the tests) in order to restore the original bro install prefix. The changes I made to broccoli in fastpath enable the rebuild to run faster. -Daniel From robin at icir.org Mon Dec 17 16:30:56 2012 
From: robin at icir.org (Robin Sommer) Date: Mon, 17 Dec 2012 16:30:56 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <50CF8B1D.1020605@illinois.edu> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> <20121217204336.GB85454@icir.org> <558D23D33781EF45A69229CDAC6BF15110B74D7F@CITESMBX6.ad.uillinois.edu> <50CF8B1D.1020605@illinois.edu> Message-ID: <20121218003056.GL85454@icir.org> On Mon, Dec 17, 2012 at 15:14 -0600, you wrote: > Upon initial "make" (or "make test"), it will run configure > once in order to do a test install. What if I just want to run a single test with "btest" directly? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From robin at icir.org Mon Dec 17 16:52:23 2012 
From: robin at icir.org (Robin Sommer)
Date: Mon, 17 Dec 2012 16:52:23 -0800
Subject: [Bro-Dev] On the topic of MailTo/MailAlarmsTo...
In-Reply-To: <1202BE242E080642B0CD0AD0A03E8552724453@PGH-MSGMB-03.andrew.ad.cmu.edu>
References: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> <20121210203517.GS66949@icir.org> <1202BE242E080642B0CD0AD0A03E8552724453@PGH-MSGMB-03.andrew.ad.cmu.edu>
Message-ID: <20121218005223.GN85454@icir.org>

On Wed, Dec 12, 2012 at 00:18 +0000, you wrote:

> - Bro Notice::ACTION_EMAIL -> MailTo
> - Bro Notice::ACTION_ALARM -> MailAlarmsTo (only sent as summaries)
> - broctl summarize-connections -> MailTo
> - broctl crash reports -> MailTo
> - broctl cron output -> MailTo

So, yeah, that looks like we need a third category, but maybe we one for
the summaries. How about this:

- Bro Notice::ACTION_EMAIL -> MailTo
- Bro Notice::ACTION_ALARM -> MailSummariesTo
- broctl summarize-connections -> MailSummariesTo
- broctl crash reports -> MailAdminTo
- broctl cron output -> MailAdminTo

MailSummariesTo and MailAdminTo would default to MailTo.

?

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From vladg at cmu.edu Mon Dec 17 20:14:26 2012
From: vladg at cmu.edu (Vlad Grigorescu) Date: Tue, 18 Dec 2012 04:14:26 +0000 Subject: [Bro-Dev] On the topic of MailTo/MailAlarmsTo... In-Reply-To: <9686_1355791951_qBI0qU1U013093_20121218005223.GN85454@icir.org> References: <1202BE242E080642B0CD0AD0A03E855270FD51@PGH-MSGMB-03.andrew.ad.cmu.edu> <20121210203517.GS66949@icir.org> <1202BE242E080642B0CD0AD0A03E8552724453@PGH-MSGMB-03.andrew.ad.cmu.edu> <9686_1355791951_qBI0qU1U013093_20121218005223.GN85454@icir.org> Message-ID: <1202BE242E080642B0CD0AD0A03E8552755C41@PGH-MSGMB-03.andrew.ad.cmu.edu> That sounds good to me. While I don't like overcomplicating things, I don't see any other way to do this without a 3rd option. I think the new names are clearer than the existing ones. --Vlad On Dec 17, 2012, at 7:52 PM, Robin Sommer wrote: > So, yeah, that looks like we need third category, but maybe we one for > the summaries. How about this: > > - Bro Notice::ACTION_EMAIL -> MailTo > - Bro Notice::ACTION_ALARM -> MailSummariesTo > - broctl summarize-connections -> MailSummariesTo > - broctl crash reports -> MailAdminTo > - broctl cron output -> MailAdminTo > > MailSummariesTo and MailAdminTo would default to MailTo. From bro at tracker.bro-ids.org Mon Dec 17 20:20:02 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 18 Dec 2012 04:20:02 -0000 Subject: [Bro-Dev] #926: Changing mail destinations Message-ID: <047.bfd0e0692efeb69dcc22847717c80077@tracker.bro-ids.org> #926: Changing mail destinations ------------------------+--------------------- Reporter: robin | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | ------------------------+--------------------- On Dec 17, 2012, at 7:52 PM, Robin Sommer wrote: > So, yeah, that looks like we need third category, but maybe we one for > the summaries. How about this: > > - Bro Notice::ACTION_EMAIL -> MailTo > - Bro Notice::ACTION_ALARM -> MailSummariesTo > - broctl summarize-connections -> MailSummariesTo > - broctl crash reports -> MailAdminTo > - broctl cron output -> MailAdminTo > > MailSummariesTo and MailAdminTo would default to MailTo. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Tue Dec 18 00:00:10 2012 
From: noreply at bro-ids.org (Merge Tracker)
Date: Tue, 18 Dec 2012 00:00:10 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212180800.qBI80ArU026379@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 730 [1] | seth     |       | High   | Find and fix tcp sequence counting bugs
Bro       | 925 [2] | matthias |       | Normal | Requesting merge of opaque branch

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer     | Date       | Summary
------------------------------------------------------------------------------------------------------------------
broccoli  | 1c0fa4b  | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [3]
broccoli  | 74cbf83  | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [4]

[1] #730: http://tracker.bro-ids.org/bro/ticket/730
[2] #925: http://tracker.bro-ids.org/bro/ticket/925
[3] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli
[4] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli

From dnthayer at illinois.edu Tue Dec 18 10:08:19 2012
From: dnthayer at illinois.edu (Daniel Thayer) Date: Tue, 18 Dec 2012 12:08:19 -0600 Subject: [Bro-Dev] [Bro-Commits] [git/broccoli] fastpath: Rebuild only necessary files for new prefix (74cbf83) In-Reply-To: <20121218003056.GL85454@icir.org> References: <201212122305.qBCN539N029415@bro-ids.icir.org> <20121213032049.GE20042@icir.org> <558D23D33781EF45A69229CDAC6BF15110B73908@CITESMBX6.ad.uillinois.edu> <20121217204336.GB85454@icir.org> <558D23D33781EF45A69229CDAC6BF15110B74D7F@CITESMBX6.ad.uillinois.edu> <50CF8B1D.1020605@illinois.edu> <20121218003056.GL85454@icir.org> Message-ID: <50D0B113.4090000@illinois.edu> On 12/17/2012 06:30 PM, Robin Sommer wrote: > > > On Mon, Dec 17, 2012 at 15:14 -0600, you wrote: > >> Upon initial "make" (or "make test"), it will run configure >> once in order to do a test install. > > What if I just want to run a single test with "btest" directly? > > Robin > It just works. However, if you've just done a "git clone" without building anything, for example, then when you run "btest" manually you will see a helpful error message. -Daniel From bro at tracker.bro-ids.org Tue Dec 18 10:12:42 2012 
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 18 Dec 2012 18:12:42 -0000
Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates
Message-ID: <046.c99bd3bd9ecee1538e5aa8f28b4f649e@tracker.bro-ids.org>

#927: topic/seth/metrics-merge: Metrics framework updates
---------------------------+------------------------
 Reporter:  seth           |      Owner:  robin
     Type:  Merge Request  |     Status:  new
 Priority:  Normal         |  Milestone:  Bro2.2
Component:  Bro            |    Version:  git/master
 Keywords:                 |
---------------------------+------------------------
 This branch is in a workable state and basically ready to be merged, but
 I'd appreciate a more detailed API/sanity review from anyone willing to
 take a look before it gets merged. This code is starting to get more and
 more important and I don't think we can afford to get it wrong for a
 release. New scripts include policy/misc/scan.bro,
 policy/misc/detect-traceroute, and various metrics test scripts that you
 can find by searching for "base/frameworks/metrics".

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Dec 18 12:36:10 2012
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 18 Dec 2012 20:36:10 -0000 Subject: [Bro-Dev] #923: Parse Error Missing in Record/Type Confusion In-Reply-To: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> References: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> Message-ID: <067.9c01191f3b9e5583f7b4d7a4eb5d88be@tracker.bro-ids.org> #923: Parse Error Missing in Record/Type Confusion -------------------------+------------------------ Reporter: grigorescu | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by jsiwek): In [2f0c698ed568afbfa3c20300a2d87cfa11d631d0/bro]: {{{ #!CommitTicketReference repository="bro" revision="2f0c698ed568afbfa3c20300a2d87cfa11d631d0" Improve error for invalid use of types as values (addresses #923). This scripting error can now generate an error message at parse-time instead of run-time and also includes location information. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Dec 18 12:37:20 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 18 Dec 2012 20:37:20 -0000 Subject: [Bro-Dev] #923: Parse Error Missing in Record/Type Confusion In-Reply-To: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> References: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> Message-ID: <067.e68792504b84cb9059242df7a4bc7bb2@tracker.bro-ids.org> #923: Parse Error Missing in Record/Type Confusion ----------------------------+------------------------ Reporter: grigorescu | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Problem => Merge Request Comment: Patch in `topic/jsiwek/ticket-923` -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Wed Dec 19 00:00:28 2012 
From: noreply at bro-ids.org (Merge Tracker)
Date: Wed, 19 Dec 2012 00:00:28 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212190800.qBJ80S7M031049@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 730 [1] | seth       |       | High   | Find and fix tcp sequence counting bugs
Bro       | 923 [2] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 925 [3] | matthias   |       | Normal | Requesting merge of opaque branch
Bro       | 927 [4] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer     | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 98663fd  | Jon Siwek     | 2012-12-18 | Fix return value of hook calls that have no handlers. [6]
bro       | 4a09c12  | Jon Siwek     | 2012-12-18 | Fix to_port() BIF for port strings with a port number of zero. [7]
broccoli  | 1c0fa4b  | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [8]
broccoli  | 74cbf83  | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [9]
btest     | 7b00fd1  | Daniel Thayer | 2012-12-18 | Fix the btest "-c" option [10]

[1] #730: http://tracker.bro-ids.org/bro/ticket/730
[2] #923: http://tracker.bro-ids.org/bro/ticket/923
[3] #925: http://tracker.bro-ids.org/bro/ticket/925
[4] #927: http://tracker.bro-ids.org/bro/ticket/927
[5] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/98663fd534837f59806401f01499cd0d82bca22c/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/4a09c128822570b08bb19b306a5f7662718e36cd/bro
[8] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli
[9] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli
[1] fastpath: http://tracker.bro-ids.org/bro/changeset/7b00fd165ae4026b8ee3b75c1f63c886c1634668/btest

From noreply at bro-ids.org Thu Dec 20 00:00:43 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Thu, 20 Dec 2012 00:00:43 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212200800.qBK80hYP015035@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 730 [1] | seth       |       | High   | Find and fix tcp sequence counting bugs
Bro       | 923 [2] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 925 [3] | matthias   |       | Normal | Requesting merge of opaque branch
Bro       | 927 [4] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer     | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 98663fd  | Jon Siwek     | 2012-12-18 | Fix return value of hook calls that have no handlers. [6]
bro       | 4a09c12  | Jon Siwek     | 2012-12-18 | Fix to_port() BIF for port strings with a port number of zero. [7]
broccoli  | 1c0fa4b  | Daniel Thayer | 2012-12-13 | Sync up with attribute definitions in Bro [8]
broccoli  | 74cbf83  | Daniel Thayer | 2012-12-12 | Rebuild only necessary files for new prefix [9]
btest     | 2ad6a1d  | Daniel Thayer | 2012-12-19 | Improve documentation [10]
btest     | 7b00fd1  | Daniel Thayer | 2012-12-18 | Fix the btest "-c" option [11]

[1] #730: http://tracker.bro-ids.org/bro/ticket/730
[2] #923: http://tracker.bro-ids.org/bro/ticket/923
[3] #925: http://tracker.bro-ids.org/bro/ticket/925
[4] #927: http://tracker.bro-ids.org/bro/ticket/927
[5] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/98663fd534837f59806401f01499cd0d82bca22c/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/4a09c128822570b08bb19b306a5f7662718e36cd/bro
[8] fastpath: http://tracker.bro-ids.org/bro/changeset/1c0fa4be727328e07ec32af0918e10936e064387/broccoli
[9] fastpath: http://tracker.bro-ids.org/bro/changeset/74cbf83f13742dc5ad79a23c2c8c40b6c52b4ffd/broccoli
[1] fastpath: http://tracker.bro-ids.org/bro/changeset/2ad6a1d1d92b80b84b23b1cea1d3f80f960e5f56/btest
[1] fastpath: http://tracker.bro-ids.org/bro/changeset/7b00fd165ae4026b8ee3b75c1f63c886c1634668/btest

From bro at tracker.bro-ids.org Thu Dec 20 11:04:32 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 20 Dec 2012 19:04:32 -0000
Subject: [Bro-Dev] #754: Complete implementation of switch statement
In-Reply-To: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
References: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
Message-ID: <061.7caba56fd5741153434bbdee6e062d39@tracker.bro-ids.org>

#754: Complete implementation of switch statement
---------------------+------------------------
  Reporter:  seth    |      Owner:
      Type:  Task    |     Status:  new
  Priority:  Normal  |  Milestone:  Bro2.2
 Component:  Bro     |    Version:  git/master
Resolution:          |   Keywords:  language
---------------------+------------------------

Comment (by jsiwek):

 In [939a64b73a777822b77a9a5e25171e50c105adb0/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="939a64b73a777822b77a9a5e25171e50c105adb0"
 Finish implementation of script-layer switch statement. Addresses #754.

 They behave like C-style switches except case labels can be comprised of
 multiple literal constants delimited by commas. Only atomic types are
 allowed for now. Case label bodies that don't execute a "return" or
 "break" statement will fall through to subsequent cases. A default case
 label is allowed.
 }}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Thu Dec 20 15:27:13 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 20 Dec 2012 23:27:13 -0000
Subject: [Bro-Dev] #422: Array-style index accessor for strings
In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
Message-ID: <061.c753680086e55be05f0758ad13dfbea5@tracker.bro-ids.org>

#422: Array-style index accessor for strings
------------------------------+----------------------
  Reporter:  seth             |      Owner:
      Type:  Feature Request  |     Status:  new
  Priority:  Normal           |  Milestone:  Bro2.2
 Component:  Bro              |    Version:
Resolution:                   |   Keywords:  language
------------------------------+----------------------

Comment (by jsiwek):

 In [55c515d50a29fffc9748eb847b16d9b92b8b0017/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="55c515d50a29fffc9748eb847b16d9b92b8b0017"
 Add array-style index accessor for strings. Addresses #422.

 The index expression can take up to two indices for the start and end
 index of the substring to return (e.g. "mystring[1,3]"). Negative
 indices are allowed, with -1 representing the last character in the
 string. The indexing is not cyclic -- if the starting index is >= the
 length of the string an empty string is returned, and if the ending
 index is >= the length of the string then it's interpreted as the last
 index of the string. Assigning to substrings accessed like this isn't
 allowed.
 }}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Thu Dec 20 15:30:20 2012
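The indexing rule from the #422 commit message above, modelled in Python as an added example (not Bro's implementation and not code from this thread), and compared with Python's half-open slice to show where the two readings return different substrings. It assumes the end index is inclusive, which is how the commit message reads, and it raises on index combinations the message does not define; `bro_string_index`, `differing_cases` and `SAMPLE_PAIRS` are hypothetical names.

```python
from typing import List, Optional, Tuple


def bro_string_index(s: str, start: int, end: Optional[int] = None) -> str:
    """Model of s[start] and s[start,end] as the commit message words it.

    Assumption: the end index is inclusive, because the message calls it
    "the end index of the substring" and clamps it to "the last index".
    """
    n = len(s)
    if end is None:
        # A single index selects one character.
        end = start

    # Negative indices count back from the end; -1 is the last character.
    if start < 0:
        start += n
    if end < 0:
        end += n

    # Cases the commit message does not define are rejected, not guessed.
    if start < 0 or end < 0:
        raise ValueError("negative index reaches past the start of the string")

    # Not cyclic: a start at or beyond the length gives the empty string.
    if start >= n:
        return ""
    if end < start:
        raise ValueError("end index precedes start index")

    # An end at or beyond the length is read as the last index.
    end = min(end, n - 1)
    return s[start:end + 1]


# Constructed sample index pairs, including the out-of-range cases the
# commit message calls out.
SAMPLE_PAIRS: List[Tuple[int, int]] = [(1, 3), (0, -1), (-3, -1), (8, 10), (2, 50)]


def differing_cases(s: str, pairs: List[Tuple[int, int]]) -> List[Tuple[int, int, str, str]]:
    """Return (start, end, inclusive_result, python_slice) where they differ."""
    out = []
    for start, end in pairs:
        inclusive = bro_string_index(s, start, end)
        half_open = s[start:end]
        if inclusive != half_open:
            out.append((start, end, inclusive, half_open))
    return out


if __name__ == "__main__":
    for start, end, inclusive, half_open in differing_cases("mystring", SAMPLE_PAIRS):
        print(f"[{start},{end}] inclusive={inclusive!r} python-slice={half_open!r}")
```

A script that extracts a field by position and then compares it against a fixed value matches different bytes under the two readings, so extraction logic carried over from Python needs its end index checked.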
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 20 Dec 2012 23:30:20 -0000 Subject: [Bro-Dev] #422: Array-style index accessor for strings In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> Message-ID: <061.5104e070f0c3cb1631f4cf37c89e1ca6@tracker.bro-ids.org> #422: Array-style index accessor for strings ----------------------------+---------------------- Reporter: seth | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: language ----------------------------+---------------------- Changes (by jsiwek): * type: Feature Request => Merge Request Comment: In `topic/jsiwek/string-indexing` -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:40:04 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:40:04 -0000 Subject: [Bro-Dev] #422: Array-style index accessor for strings In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> Message-ID: <061.92043bf84281dbf61cea4901f35161a9@tracker.bro-ids.org> #422: Array-style index accessor for strings ----------------------------+---------------------- Reporter: seth | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: language ----------------------------+---------------------- Comment (by robin): Merging, but what would you guys think about {{{s[1:4]}}} instead of {{{s[1,4]}}} (i.e., Pythonian)? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:45:14 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:45:14 -0000 Subject: [Bro-Dev] #422: Array-style index accessor for strings In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> Message-ID: <061.6c4e52f73ea1d1446986c3079ba380b3@tracker.bro-ids.org> #422: Array-style index accessor for strings ----------------------------+---------------------- Reporter: seth | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: language ----------------------------+---------------------- Comment (by seth): > Merging, but what would you guys think about {{{s[1:4]}}} instead of > {{{s[1,4]}}} (i.e., Pythonian)? Either way is fine for me. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:55:32 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:55:32 -0000 Subject: [Bro-Dev] #923: Parse Error Missing in Record/Type Confusion In-Reply-To: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> References: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org> Message-ID: <067.d0ac544a4c3e29a90d180fb7153d47da@tracker.bro-ids.org> #923: Parse Error Missing in Record/Type Confusion ----------------------------+------------------------ Reporter: grigorescu | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by robin): In [037085605ca7609c7bcfa5cfbbadac3f9e7a9b22/bro]: {{{ #!CommitTicketReference repository="bro" revision="037085605ca7609c7bcfa5cfbbadac3f9e7a9b22" Merge remote-tracking branch 'origin/topic/jsiwek/ticket-923' * origin/topic/jsiwek/ticket-923: Improve error for invalid use of types as values (addresses #923). Close 923. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:55:31 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:55:31 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.7e15e99a37ea6e3d05b0a120f9a4fa9e@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------------+-------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: High | Milestone: Bro2.2 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------------+-------------------- Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [ca8a8b09fa878ac0866d0c248cf07f47961452d0/bro]: {{{ #!CommitTicketReference repository="bro" revision="ca8a8b09fa878ac0866d0c248cf07f47961452d0" Merge remote-tracking branch 'origin/topic/jsiwek/ticket-730' * origin/topic/jsiwek/ticket-730: Fix a case where c$resp$size is misrepresented. Addresses #730. Closes #730. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:55:32 2012 
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Fri, 21 Dec 2012 01:55:32 -0000
Subject: [Bro-Dev] #925: Requesting merge of opaque branch
In-Reply-To: <050.837caafda854f2426ed182576a7a948e@tracker.bro-ids.org>
References: <050.837caafda854f2426ed182576a7a948e@tracker.bro-ids.org>
Message-ID: <065.614b6a2c593622d825eba2017407bb24@tracker.bro-ids.org>

#925: Requesting merge of opaque branch
----------------------------+------------------------
  Reporter:  matthias       |      Owner:  robin
      Type:  Merge Request  |     Status:  closed
  Priority:  Normal         |  Milestone:  Bro2.2
 Component:  Bro            |    Version:  git/master
Resolution:  fixed          |   Keywords:
----------------------------+------------------------
Changes (by robin):

 * owner:  => robin
 * status:  new => closed
 * resolution:  => fixed

Comment:

 In [da9097617025d5076d5fccb9e401de9a609b7a7d/bro]:
 {{{
 #!CommitTicketReference repository="bro" revision="da9097617025d5076d5fccb9e401de9a609b7a7d"
 Merge remote-tracking branch 'origin/topic/matthias/opaque'

 * origin/topic/matthias/opaque:
   Add new unit test for opaque serialization.
   Migrate entropy testing to opaque.
   C++ify RandTest.*
   Fix a hard-to-spot bug.
   Use more descriptive error message.
   Fix the fix :-/.
   Fix initialization of hash values.
   Be clearer about delegation.
   Implement serialization of opaque types.
   Update hash BiF documentation.
   Migrate free SHA* functions to SHA*Val::digest().
   Add missing type name that caused failing tests.
   Update base scripts and unit tests.
   Simplify hash function BiFs.
   Add support for opaque hash values.
   Adapt BiF & Bro parser to handle opaque types.
   More lexer/parser work.
   Implement equivalence relation for opaque types.
   Support basic serialization of opaque.
   Add opaque type to lexer, parser, and BroType.

 Closes #925

 Conflicts:
 aux/broccoli
 }}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Thu Dec 20 17:55:32 2012
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:55:32 -0000 Subject: [Bro-Dev] #422: Array-style index accessor for strings In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> Message-ID: <061.feadcb6e77910c875da3af106982853d@tracker.bro-ids.org> #422: Array-style index accessor for strings ----------------------------+---------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: fixed | Keywords: language ----------------------------+---------------------- Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [5e3c28649026be16b0568136d125696f081d18be/bro]: {{{ #!CommitTicketReference repository="bro" revision="5e3c28649026be16b0568136d125696f081d18be" Merge remote-tracking branch 'origin/topic/jsiwek/string-indexing' * origin/topic/jsiwek/string-indexing: Add array-style index accessor for strings. Addresses #422. Closes #422. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Dec 20 17:55:31 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 01:55:31 -0000 Subject: [Bro-Dev] #754: Complete implementation of switch statement In-Reply-To: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org> References: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org> Message-ID: <061.120a060a5438b337a4a96cb89859274a@tracker.bro-ids.org> #754: Complete implementation of switch statement ----------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: language ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [9301589219b9b4b252fd109a63a78114648aaaff/bro]: {{{ #!CommitTicketReference repository="bro" revision="9301589219b9b4b252fd109a63a78114648aaaff" Merge remote-tracking branch 'origin/topic/jsiwek/switch-statement' * origin/topic/jsiwek/switch-statement: Finish implementation of script-layer switch statement. Addresses #754. Closes #754. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Dec 21 00:26:27 2012
From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 21 Dec 2012 00:26:27 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201212210826.qBL8QR3l013048@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== 500 Internal Server Error > Open Merge Requests for Bro2.1 > ============================== 500 Internal Server Error From bro at tracker.bro-ids.org Fri Dec 21 09:01:09 2012
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 21 Dec 2012 17:01:09 -0000 Subject: [Bro-Dev] #422: Array-style index accessor for strings In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org> Message-ID: <061.d3676af461f32ee41f7428d5aecee18b@tracker.bro-ids.org> #422: Array-style index accessor for strings ----------------------------+---------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component:
Bro | Version: Resolution: fixed | Keywords: language ----------------------------+---------------------- Comment (by matthias): Replying to [comment:4 robin]: > Merging, but what would you guys think about {{{s[1:4]}}} instead of {{{s[1,4]}}} (i.e., Pythonian)? I prefer the `s[1,4]` syntax, as I find it more consistent with the language at this point. We currently do not have the notion of a "range". Once we do, it would make sense to apply this concept to any enumerable types, like containers. Then "`range(1, 4)`" can have some sort of syntactic sugar (for Rubyists, that would be `1..4` and for the Pythonians `1:4`, so there's room for discussion :-). -- Ticket URL: Bro Tracker Bro Issue Tracker From seth at icir.org Fri Dec 21 19:28:29 2012 From: seth at icir.org (Seth Hall) Date: Fri, 21 Dec 2012 22:28:29 -0500 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/matthias/notary: Factor notary code into separte file. (382262e) In-Reply-To: <201212220200.qBM20d1f031238@bro-ids.icir.org> References: <201212220200.qBM20d1f031238@bro-ids.icir.org> Message-ID: On Dec 21, 2012, at 9:00 PM, Matthias Vallentin wrote: > Repository : ssh://git at bro-ids.icir.org/bro > Factor notary code into separte file. Please move the notary script to policy and move the definition for the Info record back into main.bro. I see why you did it the way you did, but what I would rather see is that you implement a way to asynchronously add data to the SSL log with some sort of "delay ticket" like I implemented in the notice framework to delay sending emails while more data is collected. It's possible that this is even something we should generically add to the logging framework. 
.Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ From bro at tracker.bro-ids.org Fri Dec 21 19:32:24 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 22 Dec 2012 03:32:24 -0000 Subject: [Bro-Dev] #754: Complete implementation of switch statement In-Reply-To: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org> References: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org> Message-ID: <061.30e0ef3558ff83a41f0d5115e750b293@tracker.bro-ids.org> #754: Complete implementation of switch statement ----------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: language ----------------------------+------------------------ Comment (by vern): Way back when I first was adding a few hooks for this, my intent had been to allow dynamic expressions rather than requiring constants. That changes the flavor of the statement significantly (and raises the issue of how to deal with multiple labels that evaluate to the same value at run- time), but also my sense is this could be substantially more powerful. So, (1) what in particular is motivating this addition right now, and (2) thoughts on making it more dynamics? 

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Fri Dec 21 19:44:53 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Sat, 22 Dec 2012 03:44:53 -0000
Subject: [Bro-Dev] #422: Array-style index accessor for strings
In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
Message-ID: <061.c54942cda92aff6c0ab600ccf7dc1272@tracker.bro-ids.org>

#422: Array-style index accessor for strings
----------------------------+----------------------
  Reporter:  seth           |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:
Resolution:  fixed          |    Keywords:  language
----------------------------+----------------------

Comment (by vern):

 The {{{s[1,4]}}} syntax is '''ambiguous''' when scanned visually - does it mean a string range, or a reference into a 2-dimensional array? Because of this, I strongly prefer {{{s[1:4]}}} syntax; and indeed the degree to which we can adopt {{{S}}}/{{{R}}}-style array semantics (I'm hoping Python's are similar, so we tone down the holy wars :-)), the better, as it kicks ass for manipulating arrays.

 For example, in {{{S}}}/{{{R}}} the expression {{{x[x > 3 & x <= 9]}}} returns an array of all elements in {{{x}}} in {{{(3,9]}}}, and in fact this works for any boolean mask, so if {{{y}}} is the same length as {{{x}}}, then {{{x[y != 0]}}} pulls out those elements in {{{x}}} that correspond to points where {{{y}}} is non-zero. You can also use {{{x[-(1:4)]}}} to extract all elements of {{{x}}} ''except'' the first four; and {{{:}}} is itself a "sequence" operator, so {{{x:y}}} generates an array of all integer values in {{{[x,y]}}}.

 I'm not saying we should dive into this degree of array/vector semantics at this point, but keeping the current syntax consistent with that goal would be good ...

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Sat Dec 22 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sat, 22 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212220800.qBM802nH007123@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Sun Dec 23 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sun, 23 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212230800.qBN802F8021991@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Mon Dec 24 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Mon, 24 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212240800.qBO802Kr026483@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From bro at tracker.bro-ids.org Mon Dec 24 23:14:51 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 25 Dec 2012 07:14:51 -0000
Subject: [Bro-Dev] #928: Incorporate ICSI certificate notary into SSL logging
Message-ID: <050.670adea7e8363a03ddb2651421087ccb@tracker.bro-ids.org>

#928: Incorporate ICSI certificate notary into SSL logging
-------------------------------+------------------------
 Reporter:  matthias           |      Owner:
     Type:  Test Case Missing  |     Status:  new
 Priority:  Normal             |  Milestone:  Bro2.2
Component:  Bro                |    Version:  git/master
 Keywords:                     |
-------------------------------+------------------------

 This commit (i) adds support for delayed logging for SSL records, and (ii) provides a new script notary.bro that interacts with the ICSI certificate notary.

 The delayed logging implementation takes the idea of delaying notices one step further: it logs records in the order as they would normally occur by buffering them until a specified maximum timeout (by default 15 seconds). A user can delay a record by adding an opaque identifier, and is responsible to remove the same identifier later to "undelay" the record, allowing it to be flushed.

 The notary script comes as a client application to this new interface.
 For each leaf certificate in a chain sent by a server, the script computes the SHA1 hash and queries the notary. As soon as the reply arrives, the script enhances the SSL log record with the details from the notary response and undelays the record. The notary script also caches DNS replies for an hour after creation.

 Due to the changing state of the notary, it is difficult to write a test case for this script. Thus I'll just file it as a merge request, and would appreciate if folks (in particular Seth :-) could have a look at it.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Tue Dec 25 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Tue, 25 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212250800.qBP802Pw008140@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Wed Dec 26 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Wed, 26 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212260800.qBQ802oZ030520@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Thu Dec 27 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Thu, 27 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212270800.qBR8025P004882@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter   | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 923 [1] | grigorescu |       | Normal | Parse Error Missing in Record/Type Confusion
Bro       | 927 [2] | seth       | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [3]

[1] #923: http://tracker.bro-ids.org/bro/ticket/923
[2] #927: http://tracker.bro-ids.org/bro/ticket/927
[3] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From bro at tracker.bro-ids.org Thu Dec 27 08:47:28 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 27 Dec 2012 16:47:28 -0000
Subject: [Bro-Dev] #754: Complete implementation of switch statement
In-Reply-To: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
References: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
Message-ID: <061.8e6d19dd6b51882ba2a8846b0865973d@tracker.bro-ids.org>

#754: Complete implementation of switch statement
----------------------------+------------------------
  Reporter:  seth           |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:  fixed          |    Keywords:  language
----------------------------+------------------------

Comment (by jsiwek):

 Replying to [comment:5 vern]:
 > (1) what in particular is motivating this addition right now

 It's just what I felt like working on that day.

 > (2) thoughts on making it more dynamics?

 For constant case labels, an internal hash map lookup can be done when evaluating the switch instead of iterating over them (and evaluating) to look for the first match. I didn't do any measurements, but I think that way would match people's performance expectations for a switch with a modest amount of cases because other languages do it similarly?

 But I'm not completely attached to that way and it shouldn't be difficult to remove that constant-only case label restriction, so let me know if you're not persuaded.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Thu Dec 27 09:11:45 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 27 Dec 2012 17:11:45 -0000
Subject: [Bro-Dev] #422: Array-style index accessor for strings
In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
Message-ID: <061.b6298fd3daa1b157eaed37ce82edb758@tracker.bro-ids.org>

#422: Array-style index accessor for strings
---------------------+----------------------
  Reporter:  seth    |       Owner:  robin
      Type:  Task    |      Status:  reopened
  Priority:  Normal  |   Milestone:  Bro2.2
 Component:  Bro     |     Version:
Resolution:          |    Keywords:  language
---------------------+----------------------
Changes (by jsiwek):

 * status:  closed => reopened
 * type:  Merge Request => Task
 * resolution:  fixed =>

Comment:

 Replying to [comment:4 robin]:
 > Merging, but what would you guys think about {{{s[1:4]}}} instead of {{{s[1,4]}}} (i.e., Pythonian)?

 I had done it like `s[1,4]` just because that's the style other indexing in the language used, but I think I side with Vern's argument for `s[1:4]` if we were to vote now.
 I'll work on changing it in about a week unless there's more discussion in the meantime.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Thu Dec 27 09:12:58 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Thu, 27 Dec 2012 17:12:58 -0000
Subject: [Bro-Dev] #923: Parse Error Missing in Record/Type Confusion
In-Reply-To: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org>
References: <052.112e9fd256469c894c1fbc136f2c314f@tracker.bro-ids.org>
Message-ID: <067.506931ee8c230466b117ae64ae0f760d@tracker.bro-ids.org>

#923: Parse Error Missing in Record/Type Confusion
-----------------------------+------------------------
  Reporter:  grigorescu      |       Owner:
      Type:  Merge Request   |      Status:  closed
  Priority:  Normal          |   Milestone:  Bro2.2
 Component:  Bro             |     Version:  git/master
Resolution:  Solved/Applied  |    Keywords:
-----------------------------+------------------------
Changes (by jsiwek):

 * status:  new => closed
 * resolution:  => Solved/Applied

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Fri Dec 28 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Fri, 28 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212280800.qBS802Eq014149@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 927 [1] | seth     | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [2]

[1] #927: http://tracker.bro-ids.org/bro/ticket/927
[2] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From bro at tracker.bro-ids.org Fri Dec 28 00:37:17 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Fri, 28 Dec 2012 08:37:17 -0000
Subject: [Bro-Dev] #422: Array-style index accessor for strings
In-Reply-To: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
References: <046.c7d0943c73a69d7fafd3a3bfa1945d22@tracker.bro-ids.org>
Message-ID: <061.febda1df1d0a11684e6ad211712af059@tracker.bro-ids.org>

#422: Array-style index accessor for strings
---------------------+----------------------
  Reporter:  seth    |       Owner:  robin
      Type:  Task    |      Status:  reopened
  Priority:  Normal  |   Milestone:  Bro2.2
 Component:  Bro     |     Version:
Resolution:          |    Keywords:  language
---------------------+----------------------

Comment (by matthias):

 Replying to [comment:10 jsiwek]:
 > [..] but I think I side with Vern's argument for `s[1:4]` if we were to vote now.

 Same, I am in favor of an `a:b`-style syntax now, too, after realizing that the `[a,b]` may result in ambiguous interpretations.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Fri Dec 28 16:56:26 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Sat, 29 Dec 2012 00:56:26 -0000
Subject: [Bro-Dev] #754: Complete implementation of switch statement
In-Reply-To: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
References: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org>
Message-ID: <061.ebc7187a5071317f5155e750d1d264a6@tracker.bro-ids.org>

#754: Complete implementation of switch statement
----------------------------+------------------------
  Reporter:  seth           |       Owner:  robin
      Type:  Merge Request  |      Status:  closed
  Priority:  Normal         |   Milestone:  Bro2.2
 Component:  Bro            |     Version:  git/master
Resolution:  fixed          |    Keywords:  language
----------------------------+------------------------

Comment (by vern):

 I'm not persuaded by performance-expectations arguments, since there are a lot of ways that can be sliced / optimized / doesn't-matter. I do believe in a general rule of don't-add-features-without-a-specific-need, so if this isn't a motivated addition, I'd put it on hold.
 (I.e., okay to keep the current code in place, but don't turn it on until we find we need it - and then first analyze just what we really need.)

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Sat Dec 29 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sat, 29 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212290800.qBT802OD007624@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 927 [1] | seth     | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [2]

[1] #927: http://tracker.bro-ids.org/bro/ticket/927
[2] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Sun Dec 30 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sun, 30 Dec 2012 00:00:03 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212300800.qBU803el029774@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 927 [1] | seth     | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [2]

[1] #927: http://tracker.bro-ids.org/bro/ticket/927
[2] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:

From noreply at bro-ids.org Mon Dec 31 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Mon, 31 Dec 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201212310800.qBV802Ml010506@bro-ids.icir.org>

> Open Merge Requests for Bro2.2
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 927 [1] | seth     | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [2]

[1] #927: http://tracker.bro-ids.org/bro/ticket/927
[2] metrics-merge:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge:
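
A Python model of the delayed SSL logging and notary lookup described in ticket #928 above, added here as an illustration; it is not the notary.bro script or any code from the merge request. The class and method names, the reply contents, and measuring the 15-second timeout from the moment a record is queued are assumptions.

```python
import hashlib
from collections import deque

MAX_DELAY = 15.0    # default maximum delay stated in ticket #928 (seconds)
CACHE_TTL = 3600.0  # notary replies are cached for an hour after creation


class DelayedSSLLog:
    """Order-preserving SSL log whose records wait for a notary reply."""

    def __init__(self):
        self.pending = deque()  # queued records, oldest first
        self.written = []       # (uid, notary reply or None) in write order
        self.cache = {}         # leaf SHA-1 -> (time cached, reply)
        self.waiting = {}       # leaf SHA-1 -> records delayed on that lookup

    def log_ssl(self, uid, leaf_der, now):
        """Queue a record. Returns the digest to look up, or None on a cache hit."""
        digest = hashlib.sha1(leaf_der).hexdigest()
        rec = {"uid": uid, "queued": now, "sha1": digest, "tokens": set()}
        self.pending.append(rec)
        hit = self.cache.get(digest)
        if hit is not None and now - hit[0] < CACHE_TTL:
            rec["notary"] = hit[1]
            digest = None
        else:
            rec["tokens"].add("notary")  # opaque identifier that delays the record
            self.waiting.setdefault(digest, []).append(rec)
        self.flush(now)
        return digest

    def notary_reply(self, digest, reply, now):
        """Enrich and undelay every record still waiting on this digest."""
        self.cache[digest] = (now, reply)
        for rec in self.waiting.pop(digest, []):
            rec["notary"] = reply
            rec["tokens"].discard("notary")
        self.flush(now)

    def flush(self, now):
        """Write from the head only, so the log keeps arrival order."""
        while self.pending:
            head = self.pending[0]
            if head["tokens"] and now - head["queued"] < MAX_DELAY:
                break  # head still delayed: everything behind it waits too
            if head["tokens"]:  # timed out: write it without notary data
                self.waiting[head["sha1"]].remove(head)
            self.pending.popleft()
            self.written.append((head["uid"], head.get("notary")))


def demo():
    """Constructed scenario: replies out of order, one lost, one cached."""
    log = DelayedSSLLog()
    reply = {"valid": True}  # constructed; not the notary's real reply format
    dx = log.log_ssl("A", b"constructed leaf X", 0.0)
    dy = log.log_ssl("B", b"constructed leaf Y", 1.0)
    log.notary_reply(dy, reply, 2.0)   # B is ready, but A is still ahead of it
    assert log.written == []
    log.notary_reply(dx, reply, 3.0)   # A undelayed: A, then B, are written
    log.log_ssl("C", b"constructed leaf Z", 10.0)  # this reply never arrives
    log.log_ssl("D", b"constructed leaf X", 11.0)  # cache hit, no new lookup
    log.flush(24.9)                    # C is younger than MAX_DELAY: nothing moves
    held = len(log.pending)
    log.flush(25.0)                    # C expires and unblocks D
    return log.written, held


if __name__ == "__main__":
    print(demo())
```

The timeout bounds how long one unanswered lookup can hold back every later record, and a record that times out is written without notary details instead of being dropped.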