From noreply at bro.org Wed May 1 00:00:04 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 1 May 2013 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305010700.r41704CO013544@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 927 [1] | seth | robin | Normal | topic/seth/metrics-merge: Metrics framework updates [2] Bro | 982 [3] | jsiwek | | Low | topic/jsiwek/file-analysis [4] BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] [1] #927: http://tracker.bro.org/bro/ticket/927 [2] metrics-merge:: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge: [3] #982: http://tracker.bro.org/bro/ticket/982 [4] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 From jsiwek at illinois.edu Wed May 1 07:55:13 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Wed, 1 May 2013 14:55:13 +0000 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/file-analysis: FileAnalysis: load custom mime magic database just once. (0141f51) In-Reply-To: <201304291755.r3THtUQs004789@bro-ids.icir.org> References: <201304291755.r3THtUQs004789@bro-ids.icir.org> Message-ID: For reference, a link to my libmagic bug report explaining what this commit works around: http://bugs.gw.com/view.php?id=248 On Apr 29, 2013, at 12:55 PM, Jonathan Siwek wrote: > Repository : ssh://git at bro-ids.icir.org/bro > > On branch : topic/jsiwek/file-analysis > Link : http://tracker.bro-ids.org/bro/changeset/0141f5180171f42981bcce58c6fdc457b779f551/bro > >> --------------------------------------------------------------- > > commit 0141f5180171f42981bcce58c6fdc457b779f551 > Author: Jon Siwek > Date: Mon Apr 29 11:34:27 2013 -0500 > > FileAnalysis: load custom mime magic database just once. > > This works around a bug in libmagic since version 5.12 (current at > time of writing is 5.14) -- second call to magic_load() w/ non-default > database segfaults. > > >> --------------------------------------------------------------- > > 0141f5180171f42981bcce58c6fdc457b779f551 > src/FileAnalyzer.cc | 18 +++--------------- > src/FileAnalyzer.h | 4 ---- > src/bro.bif | 6 +----- > src/file_analysis/File.cc | 6 +----- > src/file_analysis/File.h | 3 --- > src/main.cc | 7 +++++++ > src/util.h | 3 +++ > 7 files changed, 15 insertions(+), 32 deletions(-) > > diff --git a/src/FileAnalyzer.cc b/src/FileAnalyzer.cc > index 508ae23..a43bba2 100644 > --- a/src/FileAnalyzer.cc > +++ b/src/FileAnalyzer.cc > @@ -5,16 +5,10 @@ > #include "Reporter.h" > #include "util.h" > > -magic_t File_Analyzer::magic = 0; > -magic_t File_Analyzer::magic_mime = 0; > - > File_Analyzer::File_Analyzer(AnalyzerTag::Tag tag, Connection* conn) > : TCP_ApplicationAnalyzer(tag, conn) > { > buffer_len = 0; > - > - bro_init_magic(&magic, MAGIC_NONE); > - bro_init_magic(&magic_mime, MAGIC_MIME); > } > > void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) > @@ -49,19 +43,13 @@ void File_Analyzer::Done() > > void File_Analyzer::Identify() > { > - const char* descr = 0; > - const char* mime = 0; > - > - if ( magic ) > - descr = bro_magic_buffer(magic, buffer, buffer_len); > - > - if ( magic_mime ) > - mime = bro_magic_buffer(magic_mime, buffer, buffer_len); > + const char* desc = bro_magic_buffer(magic_desc_cookie, buffer, buffer_len); > + const char* mime = bro_magic_buffer(magic_mime_cookie, buffer, buffer_len); > > val_list* vl = new val_list; > vl->append(BuildConnVal()); > vl->append(new StringVal(buffer_len, buffer)); > - vl->append(new StringVal(descr ? descr : "")); > + vl->append(new StringVal(desc ? desc : "")); > vl->append(new StringVal(mime ? mime : "")); > ConnectionEvent(file_transferred, vl); > } > diff --git a/src/FileAnalyzer.h b/src/FileAnalyzer.h > index c4bd084..59ec5cd 100644 > --- a/src/FileAnalyzer.h > +++ b/src/FileAnalyzer.h > @@ -6,7 +6,6 @@ > #include "TCP.h" > > #include > -#include > > class File_Analyzer : public TCP_ApplicationAnalyzer { > public: > @@ -31,9 +30,6 @@ protected: > static const int BUFFER_SIZE = 1024; > char buffer[BUFFER_SIZE]; > int buffer_len; > - > - static magic_t magic; > - static magic_t magic_mime; > }; > > class IRC_Data : public File_Analyzer { > diff --git a/src/bro.bif b/src/bro.bif > index ba300d1..b46ae41 100644 > --- a/src/bro.bif > +++ b/src/bro.bif > @@ -849,11 +849,7 @@ extern "C" { > ## Returns: The MIME type of *data*, or "" if there was an error. > function identify_data%(data: string, return_mime: bool%): string > %{ > - static magic_t magic_mime = 0; > - static magic_t magic_descr = 0; > - > - magic_t* magic = return_mime ? &magic_mime : &magic_descr; > - bro_init_magic(magic, return_mime ? MAGIC_MIME : MAGIC_NONE); > + magic_t* magic = return_mime ? &magic_mime_cookie : &magic_desc_cookie; > > if( ! *magic ) > return new StringVal(""); > diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc > index f70257a..70f7b17 100644 > --- a/src/file_analysis/File.cc > +++ b/src/file_analysis/File.cc > @@ -49,8 +49,6 @@ int File::bof_buffer_size_idx = -1; > int File::bof_buffer_idx = -1; > int File::mime_type_idx = -1; > > -magic_t File::magic_mime = 0; > - > string File::salt; > > void File::StaticInit() > @@ -72,8 +70,6 @@ void File::StaticInit() > bof_buffer_idx = Idx("bof_buffer"); > mime_type_idx = Idx("mime_type"); > > - bro_init_magic(&magic_mime, MAGIC_MIME); > - > salt = BifConst::FileAnalysis::salt->CheckString(); > } > > @@ -250,7 +246,7 @@ bool File::BufferBOF(const u_char* data, uint64 len) > > bool File::DetectMIME(const u_char* data, uint64 len) > { > - const char* mime = bro_magic_buffer(magic_mime, data, len); > + const char* mime = bro_magic_buffer(magic_mime_cookie, data, len); > > if ( mime ) > { > diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h > index 07d8d66..e6438a9 100644 > --- a/src/file_analysis/File.h > +++ b/src/file_analysis/File.h > @@ -3,7 +3,6 @@ > > #include > #include > -#include > > #include "AnalyzerTags.h" > #include "Conn.h" > @@ -207,8 +206,6 @@ protected: > */ > static void StaticInit(); > > - static magic_t magic_mime; > - > static string salt; > > static int id_idx; > diff --git a/src/main.cc b/src/main.cc > index 7318058..fe44516 100644 > --- a/src/main.cc > +++ b/src/main.cc > @@ -23,6 +23,7 @@ extern "C" { > #endif > > #include > +#include > > extern "C" void OPENSSL_add_all_algorithms_conf(void); > > @@ -64,6 +65,9 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void); > > Brofiler brofiler; > > +magic_t magic_desc_cookie = 0; > +magic_t magic_mime_cookie = 0; > + > #ifndef HAVE_STRSEP > extern "C" { > char* strsep(char**, const char*); > @@ -730,6 +734,9 @@ int main(int argc, char** argv) > curl_global_init(CURL_GLOBAL_ALL); > #endif > > + bro_init_magic(&magic_desc_cookie, MAGIC_NONE); > + bro_init_magic(&magic_mime_cookie, MAGIC_MIME); > + > // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't > // seed the PRNG. We should do this here (but at least Linux, FreeBSD > // and Solaris provide /dev/urandom). > diff --git a/src/util.h b/src/util.h > index 4e35245..b0ac760 100644 > --- a/src/util.h > +++ b/src/util.h > @@ -370,6 +370,9 @@ struct CompareString > } > }; > > +extern magic_t magic_desc_cookie; > +extern magic_t magic_mime_cookie; > + > void bro_init_magic(magic_t* cookie_ptr, int flags); > const char* bro_magic_buffer(magic_t cookie, const void* buffer, size_t length); > > > _______________________________________________ > bro-commits mailing list > bro-commits at bro.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits > From bro at tracker.bro.org Wed May 1 18:02:02 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 01:02:02 -0000 Subject: [Bro-Dev] #990: Sumstats documentation Message-ID: <043.234e1f2462b1e5375f8530c78bc7cce9@tracker.bro.org> #990: Sumstats documentation --------------------+------------------------ Reporter: robin | Owner: Type: Task | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | --------------------+------------------------ We should prepare an overview how-to for using the sumstats framework for 2.2 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 1 18:03:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 01:03:32 -0000 Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates In-Reply-To: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> References: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> Message-ID: <057.53ea6be27d6787b40612caf373a2853f@tracker.bro.org> #927: topic/seth/metrics-merge: Metrics framework updates ----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: robin => seth Comment: Merging, but we still need to check if the main features of the new framework are covered by tests. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 1 18:08:58 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 01:08:58 -0000 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> Message-ID: <059.1cb1ae590361df4239dc2a6912001b9f@tracker.bro.org> #982: topic/jsiwek/file-analysis ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by robin): So is this log issue something we need to get fixed first? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 1 18:11:55 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 01:11:55 -0000 Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates In-Reply-To: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> References: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> Message-ID: <057.26c75b0919707bd54e480bef6f127dfa@tracker.bro.org> #927: topic/seth/metrics-merge: Metrics framework updates ----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by seth): > Merging, but we still need to check if the main features of the new > framework are covered by tests. They should be. I have all of the calculations tested, single and series of thresholds, and it's all tested in cluster mode. I think it's good enough to go ahead and merge now, but I have some more cpu performance improvements in development now too that I hope to have ready soon. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Thu May 2 00:00:04 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 2 May 2013 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305020700.r42704Ww019598@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 927 [1] | seth | seth | Normal | topic/seth/metrics-merge: Metrics framework updates [2] Bro | 982 [3] | jsiwek | | Low | topic/jsiwek/file-analysis [4] BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] [1] #927: http://tracker.bro.org/bro/ticket/927 [2] metrics-merge:: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge: [3] #982: http://tracker.bro.org/bro/ticket/982 [4] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 From robin at icir.org Thu May 2 07:54:32 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 2 May 2013 07:54:32 -0700 Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates In-Reply-To: <057.26c75b0919707bd54e480bef6f127dfa@tracker.bro.org> References: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> <057.26c75b0919707bd54e480bef6f127dfa@tracker.bro.org> Message-ID: <20130502145432.GB21086@icir.org> On Thu, May 02, 2013 at 01:11 -0000, you wrote: > They should be. I have all of the calculations tested, single and series > of thresholds, and it's all tested in cluster mode. Ok, just close the ticket if all features are tested, and then file a new merge request for any enhancements. -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From bro at tracker.bro.org Thu May 2 07:57:25 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 14:57:25 -0000 Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates In-Reply-To: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> References: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> Message-ID: <057.f44f9b407e4f8fa7fffbd198227c5c1d@tracker.bro.org> #927: topic/seth/metrics-merge: Metrics framework updates ----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by robin): On Thu, May 02, 2013 at 01:11 -0000, you wrote: > They should be. I have all of the calculations tested, single and series > of thresholds, and it's all tested in cluster mode. Ok, just close the ticket if all features are tested, and then file a new merge request for any enhancements. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 2 10:05:31 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 17:05:31 -0000 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> Message-ID: <059.00ea2b1419b4389db8872efcc2447079@tracker.bro.org> #982: topic/jsiwek/file-analysis ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by jsiwek): Replying to [comment:3 robin]: > So is this log issue something we need to get fixed first? It's not something that's "wrong" it's just something that can be improved. It doesn't block reviewing the new code in the branch and doesn't necessarily have to block merging it if you find everything else is perfect. I prefer waiting on fixing it until I get all your feedback so I can do all changes in one shot. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 2 10:08:33 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 17:08:33 -0000 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> Message-ID: <059.7a1adcb929173503e0a8bcf12711013f@tracker.bro.org> #982: topic/jsiwek/file-analysis ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by seth): > I prefer waiting on fixing it until I get all your feedback > so I can do all changes in one shot. I think that makes sense too. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Thu May 2 10:12:21 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 2 May 2013 10:12:21 -0700 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <059.7a1adcb929173503e0a8bcf12711013f@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> <059.7a1adcb929173503e0a8bcf12711013f@tracker.bro.org> Message-ID: <20130502171220.GB589@icir.org> Ack, I'm planing to go ahead with reviewing anyways asap. -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From bro at tracker.bro.org Thu May 2 10:15:13 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 17:15:13 -0000 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> Message-ID: <059.0c3b2b24e09e9fe3730d7d43abecdd8c@tracker.bro.org> #982: topic/jsiwek/file-analysis ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by robin): Ack, I'm planing to go ahead with reviewing anyways asap. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 2 13:42:20 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 20:42:20 -0000 Subject: [Bro-Dev] #845: PF_RING+DNA In-Reply-To: <046.fd6f0f04e887db155402c1572d02fff0@tracker.bro.org> References: <046.fd6f0f04e887db155402c1572d02fff0@tracker.bro.org> Message-ID: <061.a448540a5edb238988d91d0b02099013@tracker.bro.org> #845: PF_RING+DNA ------------------------------+------------------------ Reporter: dnthayer | Owner: dnthayer Type: Feature Request | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by Daniel Thayer ): In [changeset:0d2a4b24e4e1cd2b1647a301bca95e5ca3c24eb3/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="0d2a4b24e4e1cd2b1647a301bca95e5ca3c24eb3" Add support for PF_RING+DNA Added support for "lb_method=pf_ring_dna" in node.cfg by providing a new broctl plugin that automatically runs pfdnacluster_master on each worker host before Bro is started. Addresses #845. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 2 14:54:40 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 21:54:40 -0000 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> Message-ID: <061.b06b7febf027e140a8d90f44aa895f6d@tracker.bro.org> #981: &default record only creates one record -----------------------+------------------------ Reporter: dmandelb | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: -----------------------+------------------------ Comment (by jsiwek): Transferring previous discussion from bro-dev list since I think otherwise it will get lost/forgotten: >>Can we change tables so that if &default is a non-constant, the first >>time one accesses a non-existing index, that slot gets assigned a >>deep-copy of the &default value? > >I'm not a fan of this, as "&default is a non-constant" is a more nuanced >semantic notion (and could get messy for complicated constructors) than >the sort that I think language rules should draw upon. Rather, my thinking >is that &default should apply to rvalues but not lvalues. I believe (but >have not confirmed) that there's enough context in the parser to tell whether >the access is in an lvalue context or an rvalue context. If so, then the >former shoud be a run-time error; if the user wants to update a value in the >table that's not already there, they need to first put the value in the table. There's only really an implicit lvalue context that doesn't extend to sub- expressions. If it were made explicit and extended to sub-expressions, I'm still sketchy on what rules would determine whether a table lookup that results in &default being used is a runtime error or not. The example provided originally in this ticket is one that would be nice to have produce a run-time error, but then there's things like: {{{ global foo: table[count] of string &default="test"; global bar: table[string] of count; bar["test"] = 7; bar[foo[0]] = 13; }}} That shouldn't result in a runtime error even though the `foo[0]` sub- expression results in the use of the &default within the context of the outer lvalue expression. Would the rule be that we have to propagate the lvalue "context" to the operand of all unary expressions and only the left operand of binary expressions? >>An alternative would be to have the lookup return a copy of the >>default, but not modify the table. > >That makes sense to me in any case. In fact, I'm surprised this isn't >what already happens. This is simple to change, are we ok with going this route? i.e. this solution invalidates the premise of this ticket and #980 regarding whether &default modifies table membership. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Thu May 2 15:46:43 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 2 May 2013 15:46:43 -0700 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <061.b06b7febf027e140a8d90f44aa895f6d@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> <061.b06b7febf027e140a8d90f44aa895f6d@tracker.bro.org> Message-ID: <20130502224643.GL24239@icir.org> On Thu, May 02, 2013 at 21:54 -0000, you wrote: > >>An alternative would be to have the lookup return a copy of the > >>default, but not modify the table. > > > >That makes sense to me in any case. In fact, I'm surprised this isn't > >what already happens. > > This is simple to change, are we ok with going this route? Sounds good to me. It should optimize for the constant case though where a copy isn't needed. -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From bro at tracker.bro.org Thu May 2 15:49:36 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 02 May 2013 22:49:36 -0000 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> Message-ID: <061.3b5e28b0e09b9c9ec16e1e9e97571b6e@tracker.bro.org> #981: &default record only creates one record -----------------------+------------------------ Reporter: dmandelb | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: -----------------------+------------------------ Comment (by robin): On Thu, May 02, 2013 at 21:54 -0000, you wrote: > >>An alternative would be to have the lookup return a copy of the > >>default, but not modify the table. > > > >That makes sense to me in any case. In fact, I'm surprised this isn't > >what already happens. > > This is simple to change, are we ok with going this route? Sounds good to me. It should optimize for the constant case though where a copy isn't needed. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Fri May 3 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 3 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305030700.r43702hW029703@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 927 [1] | seth | seth | Normal | topic/seth/metrics-merge: Metrics framework updates [2] Bro | 982 [3] | jsiwek | | Low | topic/jsiwek/file-analysis [4] BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] [1] #927: http://tracker.bro.org/bro/ticket/927 [2] metrics-merge:: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/metrics-merge: [3] #982: http://tracker.bro.org/bro/ticket/982 [4] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 From bro at tracker.bro.org Fri May 3 07:51:41 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 14:51:41 -0000 Subject: [Bro-Dev] #991: Imap Analyzer Message-ID: <045.039a756998d0954c8087a59e91c0046f@tracker.bro.org> #991: Imap Analyzer ------------------------+--------------------------- Reporter: nicolas | Type: Patch Status: new | Priority: Low Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: Imap analyzer ------------------------+--------------------------- Here is an Imap Analyzer and a quick script sample. It is inspired of the POP3 Analyzer. No problem to make some coding changes if you ask. Nicolas -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 07:55:15 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 14:55:15 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes Message-ID: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> #992: broctl cron locks all bro processes ------------------------+--------------------- Reporter: carlopmart | Type: Problem Status: new | Priority: Low Milestone: | Component: Bro Version: 2.1 | Keywords: ------------------------+--------------------- I have installed bro 2.1 in a FreeBSD 9.1 amd64 host (compiled from source). All work as expected except for "broctl cron" job ... I have configured this job to run every 5 min (like Bro's documentation says), but every time locks all bro processes: 41561 ?? I 0:00.01 bash /opt/bro/share/broctl/scripts/run-bro -i em4 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto 41572 ?? R 215:33.48 /opt/bro/bin/bro -i em4 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto 41590 ?? SN 0:48.43 /opt/bro/bin/bro -i em4 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto 41695 ?? I 0:00.00 cron: running job (cron) 41699 ?? Is 0:00.22 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41731 ?? Is 0:00.01 sh 41745 ?? I 0:00.00 cron: running job (cron) 41748 ?? Is 0:00.17 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41774 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 41775 ?? Is 0:00.01 sh 41777 ?? I 0:00.00 cron: running job (cron) 41780 ?? Is 0:00.20 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41813 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 41814 ?? Is 0:00.01 sh 41828 ?? I 0:00.00 cron: running job (cron) 41831 ?? Is 0:00.19 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41857 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 41858 ?? Is 0:00.01 sh 41862 ?? I 0:00.00 cron: running job (cron) 41866 ?? Is 0:00.19 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41898 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 41899 ?? Is 0:00.01 sh 41901 ?? I 0:00.00 cron: running job (cron) 41905 ?? Is 0:00.19 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 41942 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 41943 ?? Is 0:00.01 sh 42935 ?? I 0:00.00 cron: running job (cron) 42939 ?? Is 0:00.15 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) 43003 ?? Is 0:00.01 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t 43004 ?? Is 0:00.01 sh If I try to run any broctl command: Welcome to BroControl 1.1 Type "help" for help. [BroControl] > status waiting for lock ..................................cannot get lock Compile options: ./configure --prefix=/opt/bro --enable-perftools --disable-ruby --conf- files-dir=/data/config/etc/bro/conf --scriptdir=/data/config/etc/bro/scripts -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 08:00:49 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 15:00:49 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes In-Reply-To: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> References: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> Message-ID: <063.8aa97e8571e763f39e36e55a5d832db4@tracker.bro.org> #992: broctl cron locks all bro processes -------------------------+-------------------- Reporter: carlopmart | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: 2.1 Resolution: | Keywords: -------------------------+-------------------- Changes (by seth): * milestone: => Bro2.2 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 08:16:31 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 15:16:31 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes In-Reply-To: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> References: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> Message-ID: <063.f299d01dbf8104ea3e583759007a8788@tracker.bro.org> #992: broctl cron locks all bro processes -------------------------+-------------------- Reporter: carlopmart | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: 2.1 Resolution: | Keywords: -------------------------+-------------------- Comment (by seth): For now you can work around this issue by not using the --scriptdir or --conf-files-dir options. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 08:18:49 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 15:18:49 -0000 Subject: [Bro-Dev] #927: topic/seth/metrics-merge: Metrics framework updates In-Reply-To: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> References: <042.a8a353a2e7de5a01b629d7caf36d7acc@tracker.bro.org> Message-ID: <057.08c3e5dd3ab2799480500e4d77eacf9c@tracker.bro.org> #927: topic/seth/metrics-merge: Metrics framework updates ---------------------+------------------------ Reporter: seth | Owner: seth Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ---------------------+------------------------ Changes (by robin): * type: Merge Request => Task -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 08:21:20 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 15:21:20 -0000 Subject: [Bro-Dev] #991: Imap Analyzer In-Reply-To: <045.039a756998d0954c8087a59e91c0046f@tracker.bro.org> References: <045.039a756998d0954c8087a59e91c0046f@tracker.bro.org> Message-ID: <060.bbc66f701c4e59a68e6897d3b3b7ab03@tracker.bro.org> #991: Imap Analyzer ----------------------+--------------------------- Reporter: nicolas | Owner: seth Type: Patch | Status: accepted Priority: Low | Milestone: Bro2.3 Component: Bro | Version: git/master Resolution: | Keywords: Imap analyzer ----------------------+--------------------------- Changes (by seth): * owner: => seth * status: new => accepted * milestone: Bro2.2 => Bro2.3 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 09:22:51 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 16:22:51 -0000 Subject: [Bro-Dev] #980: elements not added to set as expected when using &default In-Reply-To: <046.1f46f88afe0c8267d678905d2253bbd7@tracker.bro.org> References: <046.1f46f88afe0c8267d678905d2253bbd7@tracker.bro.org> Message-ID: <061.97de3f7233e6a17c444aa3ca12290cde@tracker.bro.org> #980: elements not added to set as expected when using &default -----------------------+------------------------ Reporter: dmandelb | Owner: Type: Problem | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Invalid | Keywords: -----------------------+------------------------ Changes (by jsiwek): * status: new => closed * resolution: => Invalid Comment: Closing this as invalid since it was decided that &default shouldn't modify table membership when looking up indices that aren't in the table. Related discussion/changes in #981. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 09:24:41 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 16:24:41 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes In-Reply-To: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> References: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> Message-ID: <063.e324c3e3f02246a9a14168701aa6dd96@tracker.bro.org> #992: broctl cron locks all bro processes -------------------------+-------------------- Reporter: carlopmart | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: 2.1 Resolution: | Keywords: -------------------------+-------------------- Comment (by dnthayer): In the output above, I see lines like this (notice that broctl is in /usr/local/bin): 41905 ?? Is 0:00.19 /usr/local/bin/python /usr/local/bin/broctl cron (python2.7) But the compile options you specified were: ./configure --prefix=/opt/bro --enable-perftools --disable-ruby --conf- files-dir=/data/config/etc/bro/conf --scriptdir=/data/config/etc/bro/scripts So, how did broctl get installed in /usr/local/bin ? Did you manually copy or move files after doing "make install"? Or, do you have multiple versions of Bro installed on the same machine (in different locations)? I would suggest running "broctl config", and for each directory path in the output, make sure that each one exists. Also, check your PATH environment variable to make sure it doesn't list a directory for an older installation of Bro. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 09:36:37 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 16:36:37 -0000 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> Message-ID: <061.f9617f9e386b5668e8831d82ad10ade9@tracker.bro.org> #981: &default record only creates one record -----------------------+------------------------ Reporter: dmandelb | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: -----------------------+------------------------ Comment (by jsiwek): In [changeset:6a7a242db93bc470d77026c894ad8d19a7f50010/bro]: {{{ #!CommitTicketReference repository="bro" revision="6a7a242db93bc470d77026c894ad8d19a7f50010" Table lookups return copy of non-const &default vals (addresses #981). This prevents unintentional modifications to the &default value itself. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 09:39:01 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 16:39:01 -0000 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> Message-ID: <061.eff8cbd3c114379c5b4e1f04dcad2616@tracker.bro.org> #981: &default record only creates one record ----------------------------+------------------------ Reporter: dmandelb | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Problem => Merge Request Comment: The discussed change is in `topic/jsiwek/981`. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 11:26:07 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 18:26:07 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.7e59caf45873ae9de386ca924249dafb@tracker.bro.org> #972: Default arguments for functions ------------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by jsiwek): I've got some new code that allows default params and seems to work so far. An example script: {{{ global foo: function(a: string &default="hello"); # TODO: adding &default should be optional on impl if decl has it? function foo(a: string &default="hello") { print "foo", a; } function bar(a: string, b: string &default="hi", c: count &default=5) { print "bar", a, b, c; } # TODO: should be a parse error? # (i.e. follow C++ rules that default params must be rightmost ones) function baz(a: string &default="err", b: string) { print "baz", a, b; } foo("test"); foo(); bar("hmm"); bar("cool", "beans"); bar("cool", "beans", 13); }}} Thoughts on the questions in the TODO comments? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 12:55:56 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 19:55:56 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl Message-ID: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl ------------------------+------------------------ Reporter: dnthayer | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | ------------------------+------------------------ If the "--scriptdir" configure option is specified when building Bro, then broctl ignores it. In this situation, the first user-visible problem is that Bro fails to start. The "scripts/broctl" directory always gets installed in /share/bro (instead of the directory specified with the "--scriptdir" configure option). Also, the "policydir" broctl option is hard-coded to /share/bro instead of taking the value specified in the "--scriptdir" configure option. As a result of "policydir" having the wrong path: 1) "broctl install" cannot install any files into "policydirsiteinstall" because the source directory, "sitepolicypath", does not exist (it's actually installed according to the "--scriptdir" configure option, but the "sitepolicypath" broctl option is defined relative to the value of "policydir"), and 2) the "set-bro-path" script uses "policydir" to set BROPATH, and therefore sets BROPATH to directories that don't exist. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 12:58:48 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 19:58:48 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes In-Reply-To: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> References: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> Message-ID: <063.d4cc303504c9f4675c89b0349eab6e1d@tracker.bro.org> #992: broctl cron locks all bro processes -------------------------+-------------------- Reporter: carlopmart | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: 2.1 Resolution: | Keywords: -------------------------+-------------------- Comment (by dnthayer): Replying to [comment:2 seth]: > For now you can work around this issue by not using the --scriptdir or --conf-files-dir options. The --conf-files-dir option should be OK to use, but --scriptdir causes problems (see ticket #993). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 13:03:30 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 20:03:30 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl In-Reply-To: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> References: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> Message-ID: <061.f80af50059764cfd9fa04a79843ccb8f@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl -------------------------+------------------------ Reporter: dnthayer | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by dnthayer): I see two possible fixes: either fix broctl to not ignore "--scriptdir", or just remove the "--scriptdir" option entirely. Any preference? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 13:13:09 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 20:13:09 -0000 Subject: [Bro-Dev] #986: Bro master is leaking memory in OpaqueVal In-Reply-To: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> References: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> Message-ID: <059.acca1790f23830d2ca0a76d68153b4c0@tracker.bro.org> #986: Bro master is leaking memory in OpaqueVal ----------------------+------------------------ Reporter: amannb | Owner: matthias Type: Problem | Status: assigned Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Changes (by amannb): * owner: => matthias * status: new => assigned -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 14:29:43 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 21:29:43 -0000 Subject: [Bro-Dev] #986: Bro master is leaking memory in OpaqueVal In-Reply-To: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> References: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> Message-ID: <059.39f67f8299499303413d158b8afe9cb3@tracker.bro.org> #986: Bro master is leaking memory in OpaqueVal ----------------------+------------------------ Reporter: amannb | Owner: matthias Type: Problem | Status: assigned Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by matthias): In [changeset:e78c20c0f87ec30c7cbeb76aa8e16b6afea1c655/bro]: {{{ #!CommitTicketReference repository="bro" revision="e78c20c0f87ec30c7cbeb76aa8e16b6afea1c655" Fix memory-leak in OpaqueVal. Addresses #986. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 15:48:26 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 22:48:26 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl In-Reply-To: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> References: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> Message-ID: <061.ccf9e6b921d6bbd1e23306d92d6bf856@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl -------------------------+------------------------ Reporter: dnthayer | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by seth): > I see two possible fixes: either fix broctl to not ignore "-- scriptdir", or > just remove the "--scriptdir" option entirely. BroControl needs fixed, we need to be able to have complete control over file locations for package maintainers. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 15:49:06 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 22:49:06 -0000 Subject: [Bro-Dev] #992: broctl cron locks all bro processes In-Reply-To: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> References: <048.fd2dca9e5e39ad6e389c97dda3847f00@tracker.bro.org> Message-ID: <063.938adf3d8ed706293b466964ca470e2e@tracker.bro.org> #992: broctl cron locks all bro processes -------------------------+-------------------- Reporter: carlopmart | Owner: Type: Problem | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: 2.1 Resolution: Duplicate | Keywords: -------------------------+-------------------- Changes (by seth): * status: new => closed * resolution: => Duplicate Comment: Thanks Daniel, I forgot about that other ticket. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 15:52:30 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 22:52:30 -0000 Subject: [Bro-Dev] #986: Bro master is leaking memory in OpaqueVal In-Reply-To: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> References: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> Message-ID: <059.00abd8702b9187089aa8fe07d53eced4@tracker.bro.org> #986: Bro master is leaking memory in OpaqueVal ----------------------+------------------------ Reporter: amannb | Owner: matthias Type: Problem | Status: assigned Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by matthias): In [changeset:9ac00f8c79f49972923ac2db5b5fc56b8dac26c1/bro]: {{{ #!CommitTicketReference repository="bro" revision="9ac00f8c79f49972923ac2db5b5fc56b8dac26c1" Do not allocate one OpaqueType per OpaqueVal. Instead, we now allocate type information globally in NetVar.cc. Addresses #986. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 15:57:08 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 22:57:08 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.50f7c62bb30c83f468513b9fd95601f1@tracker.bro.org> #972: Default arguments for functions ------------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by seth): > global foo: function(a: string &default="hello"); Oooh, you used an existing idiom even! Nice job. > # TODO: adding &default should be optional on impl if decl has it? > function foo(a: string &default="hello") Yikes, I have no clue on this. I'm inclined to say that it should be ok for it to be optional. > # TODO: should be a parse error? > # (i.e. follow C++ rules that default params must be rightmost ones) > function baz(a: string &default="err", b: string) Yes, definitely should be a parse error. Do these defaults work with events and hooks too? I have no clue if I'd ever want to use defaults for those, but it seems like it should to keep things consistent. Although for events it could be a bit weird because the default value would have to be applied by the calling process so that the default value is serialized and sent to the remote process as-is. No -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 16:04:43 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 03 May 2013 23:04:43 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.b0ea75c623e88bf6597054d34a5a89ce@tracker.bro.org> #972: Default arguments for functions ------------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by robin): Agree with Seth on both counts (and on the "nice" as well :) But yes, it should work with all "function-like" things if it doesn't already. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 17:55:15 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 04 May 2013 00:55:15 -0000 Subject: [Bro-Dev] #981: &default record only creates one record In-Reply-To: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> References: <046.19e3bb096ee03fbe6a622f573705cb5f@tracker.bro.org> Message-ID: <061.bd57129b225424a883f6570745bbc455@tracker.bro.org> #981: &default record only creates one record ----------------------------+------------------------ Reporter: dmandelb | Owner: robin Type: Merge Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:69c73631478f4c984fa0e68d1826026df0cfc3e5/bro]: {{{ #!CommitTicketReference repository="bro" revision="69c73631478f4c984fa0e68d1826026df0cfc3e5" Merge remote-tracking branch 'origin/topic/jsiwek/981' Closes #981. * origin/topic/jsiwek/981: Table lookups return copy of non-const &default vals (addresses #981). }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 3 17:24:24 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 04 May 2013 00:24:24 -0000 Subject: [Bro-Dev] #986: Bro master is leaking memory in OpaqueVal In-Reply-To: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> References: <044.843da895e468d6733a55ce9227f8d7b7@tracker.bro.org> Message-ID: <059.e08ef912c8ca11900537f5c00e0f1f0b@tracker.bro.org> #986: Bro master is leaking memory in OpaqueVal ----------------------+------------------------ Reporter: amannb | Owner: matthias Type: Problem | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------+------------------------ Changes (by robin): * status: assigned => closed * resolution: => fixed Comment: In [changeset:75cbce8ea40ec9e4eb555ec69b1c0b723099856a/bro]: {{{ #!CommitTicketReference repository="bro" revision="75cbce8ea40ec9e4eb555ec69b1c0b723099856a" Merge remote-tracking branch 'origin/fastpath' Closes #986 * origin/fastpath: Do not allocate one OpaqueType per OpaqueVal. Fix memory-leak in OpaqueVal. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sat May 4 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 4 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305040700.r44702B3028684@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] BroControl | 989 [3] | dnthayer | | Medium | topic/dnthayer/cleanup2 [4] [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #989: http://tracker.bro.org/bro/ticket/989 [4] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 From bro at tracker.bro.org Sat May 4 22:34:09 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 05 May 2013 05:34:09 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl In-Reply-To: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> References: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> Message-ID: <061.8d9c99774946b448e0b414ba19ff4f88@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl -------------------------+------------------------ Reporter: dnthayer | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by Daniel Thayer ): In [changeset:600d740dcd5df02fe9b4999f06b7e54e313cc553/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="600d740dcd5df02fe9b4999f06b7e54e313cc553" Add support for the "--scriptdir" configure option Added support for the "--scriptdir" configure option so that the broctl configuration can match the Bro configuration. This option specifies where the "scripts/broctl" directory will be installed and the value of the broctl "policydir" option. Addresses #993. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Sat May 4 22:37:00 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 05 May 2013 05:37:00 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl In-Reply-To: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> References: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> Message-ID: <061.38ac8e0109488de3b471a94ef62de19f@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl ----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by dnthayer): * type: Problem => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sun May 5 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 5 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305050700.r45702d4005123@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] BroControl | 989 [3] | dnthayer | | Medium | topic/dnthayer/cleanup2 [4] BroControl | 993 [5] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #989: http://tracker.bro.org/bro/ticket/989 [4] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [5] #993: http://tracker.bro.org/bro/ticket/993 From noreply at bro.org Mon May 6 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 6 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305060700.r46703gT026760@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] BroControl | 989 [3] | dnthayer | | Medium | topic/dnthayer/cleanup2 [4] BroControl | 993 [5] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #989: http://tracker.bro.org/bro/ticket/989 [4] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [5] #993: http://tracker.bro.org/bro/ticket/993 From noreply at bro.org Tue May 7 00:00:05 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 7 May 2013 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305070700.r47705DE022295@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] BroControl | 989 [3] | dnthayer | | Medium | topic/dnthayer/cleanup2 [4] BroControl | 993 [5] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #989: http://tracker.bro.org/bro/ticket/989 [4] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [5] #993: http://tracker.bro.org/bro/ticket/993 From bro at tracker.bro.org Tue May 7 12:39:57 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 07 May 2013 19:39:57 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.8466fc4f7cb39582ee264b2ae874c514@tracker.bro.org> #972: Default arguments for functions ------------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by jsiwek): In [changeset:e2a1d4a233f71fc74c10930a71568104207ca789/bro]: {{{ #!CommitTicketReference repository="bro" revision="e2a1d4a233f71fc74c10930a71568104207ca789" Allow default function/hook/event parameters. Addresses #972. And changed the endianness parameter of bytestring_to_count() BIF to default to false (big endian), mostly just to prove that the BIF parser doesn't choke on default parameters. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 7 12:58:31 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 07 May 2013 19:58:31 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.3929080e77e1513bb15fefac0dc288ce@tracker.bro.org> #972: Default arguments for functions ------------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by jsiwek): In `topic/jsiwek/972`. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 7 12:58:47 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 07 May 2013 19:58:47 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.593129013ed4337aa322b0a319fefa2b@tracker.bro.org> #972: Default arguments for functions ----------------------------+------------------------ Reporter: robin | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Feature Request => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Wed May 8 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 8 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305080700.r48703sY006939@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 989 [4] | dnthayer | | Medium | topic/dnthayer/cleanup2 [5] BroControl | 993 [6] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [7] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #989: http://tracker.bro.org/bro/ticket/989 [5] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [6] #993: http://tracker.bro.org/bro/ticket/993 [7] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From noreply at bro.org Thu May 9 00:00:04 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 9 May 2013 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305090700.r49704IZ024919@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 989 [4] | dnthayer | | Medium | topic/dnthayer/cleanup2 [5] BroControl | 993 [6] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [7] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #989: http://tracker.bro.org/bro/ticket/989 [5] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [6] #993: http://tracker.bro.org/bro/ticket/993 [7] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From noreply at bro.org Fri May 10 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 10 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305100700.r4A703nI013593@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 989 [4] | dnthayer | | Medium | topic/dnthayer/cleanup2 [5] BroControl | 993 [6] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [7] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #989: http://tracker.bro.org/bro/ticket/989 [5] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [6] #993: http://tracker.bro.org/bro/ticket/993 [7] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From bro at tracker.bro.org Fri May 10 08:21:00 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 15:21:00 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.bd92f967a4d67bcab6c3566656813590@tracker.bro.org> #970: broctl stop/restart eating logs? -----------------------------+------------------------ Reporter: robin | Owner: Type: Merge Request | Status: new Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by dnthayer): * type: Problem => Merge Request Comment: Fixed both problems (conn.log gets deleted before being archived, and two processes trying to create conn-summary.log at the same time) in branch topic/dnthayer/bug970. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 10:38:40 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 17:38:40 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.5c303494010dfda73e6d3ba230826d1b@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): Would it be a reasonable solution to allow some type parameterization on the container constructors. E.g.: {{{ type MyRec: record { min: count &optional; max: count; }; print record($min=7, $max=42); print set([$max=5], [$min=2, $max=10]); }}} Otherwise, in an example like that, there's no way to implicitly type the container/record. For the original example Seth gave, there should be a way to infer type from the context of the assignment, but IMO there always seems to be "just one more case we forgot about" when it comes to automatic record/container type coercion/promotion/inference... If it sounds ok to add this feature to the language, does the syntax look alright with the angle brackets before the constructor param lists? {{{ record(...); set(...); table<[TypeList], Type>(...); vector(...); }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 11:40:25 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 18:40:25 -0000 Subject: [Bro-Dev] #994: segmentation fault with anonymous enum Message-ID: <046.64a86e09b9bcaade8ee4dee4e0e91a98@tracker.bro.org> #994: segmentation fault with anonymous enum ------------------------+--------------------- Reporter: dmandelb | Type: Problem Status: new | Priority: Low Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- This code: {{{ global x: enum {FOO, BAR} = FOO; }}} Causes a segmentation fault with this backtrace: {{{ #0 0x082733be in ID::Name (this=0x0) at /home/dmandelb/bro/src/ID.h:23 #1 0x0826a19e in parser_new_enum () at parse.y:142 #2 0x0826e068 in yyparse () at parse.y:850 #3 0x08281a42 in main (argc=5, argv=0xbffff2b4) at /home/dmandelb/bro/src/main.cc:801 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:14:13 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:14:13 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <042.c4b0e6712d1df5977979afc6781bd767@tracker.bro.org> References: <042.c4b0e6712d1df5977979afc6781bd767@tracker.bro.org> Message-ID: <057.de7919dec7463bc750b198da12402f15@tracker.bro.org> #26: case insensitive regular expressions ------------------------------+-------------------- Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Bro2.3 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Changes (by seth): * milestone: Bro2.2 => Bro2.3 Comment: Apparently this ticket hasn't ripened yet. Bumping it! -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:15:09 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:15:09 -0000 Subject: [Bro-Dev] #845: PF_RING+DNA In-Reply-To: <046.fd6f0f04e887db155402c1572d02fff0@tracker.bro.org> References: <046.fd6f0f04e887db155402c1572d02fff0@tracker.bro.org> Message-ID: <061.aa649c0b3d45505a848d682c3d9d594d@tracker.bro.org> #845: PF_RING+DNA ------------------------------+------------------------ Reporter: dnthayer | Owner: dnthayer Type: Feature Request | Status: assigned Priority: Normal | Milestone: Bro2.3 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Changes (by seth): * milestone: Bro2.2 => Bro2.3 Comment: I'm going to bump this since it's untested. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:16:24 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:16:24 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> References: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> Message-ID: <063.d1d490a83da3b940a9aecc6c48b76f09@tracker.bro.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: dnthayer Type: Patch | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by seth): Daniel, have you taken a look yet? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:16:48 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:16:48 -0000 Subject: [Bro-Dev] #647: Extend HTTP analyzer to support multiply encoded content. In-Reply-To: <042.fb7c0a04fd9842aee206482d2296d127@tracker.bro.org> References: <042.fb7c0a04fd9842aee206482d2296d127@tracker.bro.org> Message-ID: <057.fcb7a71eb7ca8d9a93d1583f14b828bf@tracker.bro.org> #647: Extend HTTP analyzer to support multiply encoded content. ----------------------+---------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.3 Component: Bro | Version: Resolution: | Keywords: ----------------------+---------------------- Changes (by seth): * milestone: Bro2.2 => Bro2.3 Comment: Not yet. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:17:24 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:17:24 -0000 Subject: [Bro-Dev] #953: SSL Analyzer: return the root CA used to validate a cert In-Reply-To: <049.53e5e61db6736ce8a55012a7ba223c1b@tracker.bro.org> References: <049.53e5e61db6736ce8a55012a7ba223c1b@tracker.bro.org> Message-ID: <064.3d9eb2cb34042de2a7ee6ecabfe3acd7@tracker.bro.org> #953: SSL Analyzer: return the root CA used to validate a cert ------------------------------+------------------------------------ Reporter: liamrandall | Owner: amannb Type: Feature Request | Status: assigned Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: SSL Analyzer, Root, CA ------------------------------+------------------------------------ Comment (by seth): Bernhard, is this ready to be a merge request? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:18:53 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:18:53 -0000 Subject: [Bro-Dev] #953: SSL Analyzer: return the root CA used to validate a cert In-Reply-To: <049.53e5e61db6736ce8a55012a7ba223c1b@tracker.bro.org> References: <049.53e5e61db6736ce8a55012a7ba223c1b@tracker.bro.org> Message-ID: <064.85b55012e80d644f6bc8297443e772cd@tracker.bro.org> #953: SSL Analyzer: return the root CA used to validate a cert ------------------------------+------------------------------------ Reporter: liamrandall | Owner: amannb Type: Feature Request | Status: assigned Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: SSL Analyzer, Root, CA ------------------------------+------------------------------------ Comment (by amannb): Nope, sorry. It still needs a little work - not much, but it is not ready as it is at the moment. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:19:17 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:19:17 -0000 Subject: [Bro-Dev] #976: regex change in syslog-analyzer.pac In-Reply-To: <045.4ffa1e8cb47d98f8a92d0eac529f48ff@tracker.bro.org> References: <045.4ffa1e8cb47d98f8a92d0eac529f48ff@tracker.bro.org> Message-ID: <060.f497b376ded745e20440458936f568ab@tracker.bro.org> #976: regex change in syslog-analyzer.pac -----------------------+------------------------ Reporter: aashish | Owner: Type: Patch | Status: closed Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Rejected | Keywords: -----------------------+------------------------ Changes (by seth): * status: new => closed * resolution: => Rejected Comment: I'm going to close this ticket since the patch is broken. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:21:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:21:32 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.a7e74d9c2dd2f9d11f088beed3656b14@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by seth): > record(...); > set(...); > table<[TypeList], Type>(...); > vector(...); Ooh? I like that. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 12:26:04 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 10 May 2013 19:26:04 -0000 Subject: [Bro-Dev] #995: Potential core reference counting bug through sumstats framework Message-ID: <044.0c2906e784340a10be415879ac74c379@tracker.bro.org> #995: Potential core reference counting bug through sumstats framework ---------------------+------------------------ Reporter: amannb | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ Testing on our FreeBSD cluster has shown some strange behavior when running the sumstats framework with scan.bro and using the attached script to log exchanged cluster messages. This is rather interesting, because the script only writes information to the logging framework and interacts in no way with anything that should be able to mess with the reference counting. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 10 17:37:03 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 11 May 2013 00:37:03 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> References: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> Message-ID: <063.de67066c55cc843ac3ca22599c80337c@tracker.bro.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: dnthayer Type: Patch | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by dnthayer): Replying to [ticket:920 grigorescu]: > I've got a broctl branch here: https://github.com/grigorescu/broctl which aims to have it return a 0 or 1 exit code for most execution paths. My dive down this particular rabbit hole started when I wanted to have status return a non-zero exit code if a node had failed, but I tried to cover everything else while I was at it. > > If someone could double-check it, to make sure that I didn't miss anything, it'd be much appreciated. Which branch contains these changes? -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sat May 11 00:00:05 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 11 May 2013 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305110700.r4B705ZT028939@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 970 [4] | robin | | High | broctl stop/restart eating logs? BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] BroControl | 993 [7] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [8] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #970: http://tracker.bro.org/bro/ticket/970 [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [7] #993: http://tracker.bro.org/bro/ticket/993 [8] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From bro at tracker.bro.org Sat May 11 20:10:28 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 12 May 2013 03:10:28 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.9ea41035e6274374af420deb8cc4a0f7@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by vern): This likewise strikes me as reasonable with the only question being the syntax. I've lost track - has syntax already been introduced? If not, then I'm wondering if it's the right way to go here. You could imagine at least some of these more directly mirroring the declaration syntax, such as {{{ vector of xyz (...) }}} Also, what's up with the '?' in "TypeList?" ? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Sat May 11 20:11:21 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 12 May 2013 03:11:21 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.df91005bcbd7500cabf383cf6274ba00@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by vern): (Oh I see, the '?' in TypeList appears to be from the Tracker itself) -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sun May 12 00:00:05 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 12 May 2013 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305120700.r4C705gr029897@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 970 [4] | robin | | High | broctl stop/restart eating logs? BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] BroControl | 993 [7] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [8] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #970: http://tracker.bro.org/bro/ticket/970 [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [7] #993: http://tracker.bro.org/bro/ticket/993 [8] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From noreply at bro.org Mon May 13 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 13 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305130700.r4D702TW029659@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 972 [1] | robin | | Low | Default arguments for functions Bro | 982 [2] | jsiwek | | Low | topic/jsiwek/file-analysis [3] BroControl | 970 [4] | robin | | High | broctl stop/restart eating logs? BroControl | 989 [5] | dnthayer | | Medium | topic/dnthayer/cleanup2 [6] BroControl | 993 [7] | dnthayer | | Medium | "The ""--scriptdir"" configure option is ignored by broctl" > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 70f3f43 | Bernhard Amann | 2013-05-07 | prevent merge-hook of sumstats unique plugin from damaging source data. [8] [1] #972: http://tracker.bro.org/bro/ticket/972 [2] #982: http://tracker.bro.org/bro/ticket/982 [3] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [4] #970: http://tracker.bro.org/bro/ticket/970 [5] #989: http://tracker.bro.org/bro/ticket/989 [6] cleanup2: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup2 [7] #993: http://tracker.bro.org/bro/ticket/993 [8] fastpath: http://tracker.bro.org/bro/changeset/70f3f4343a00605d962cca71d69f032b8123c022/bro From bro at tracker.bro.org Mon May 13 06:56:53 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Mon, 13 May 2013 13:56:53 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> References: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> Message-ID: <063.bd90797246b56fcb408127bd6fceb9b9@tracker.bro.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: dnthayer Type: Patch | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by grigorescu): Oops - sorry about that. It got lost when I was doing some shuffling. The branch is here: https://github.com/grigorescu/broctl/tree/remotes/origin/topic/vladg/exit- codes and the relevant commit is: https://github.com/grigorescu/broctl/commit/a37d4690a12ad976351c7cef6188d64f601c2f58 Please let me know if I missed anything, or if the approach I took doesn't seem reasonable. Thanks. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 08:09:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Mon, 13 May 2013 15:09:32 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.b2ba6e78474b98c4c4fca734c4277a03@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): Replying to [comment:5 vern]: > I've lost track - has syntax already been introduced? No, nothing uses that right now. > If not, then I'm wondering if it's the right way to go here. You could imagine at least some of these more directly mirroring the declaration syntax, such as > {{{ > vector of xyz (...) > }}} That works well for sets but looks awkward for table & vector (because the ctor params seem to apply to the yield type and not the container itself): {{{ set[TypeList](...) # looks fine table[TypeList] of Type (...) # the ctor params seem to associate with Type vector of Type (...) # same thing }}} Then adding in a record ctor ruins it for everybody. If it were to be `record(...)`, then it's entirely different from other ctors and we need to add `` syntax just for that case. If it were to be `record[Type](...)` or `record of Type (...)`, then it fits in with other ctors, but is a greater mismatch with the way records are declared. Any more preferences/ideas? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 08:32:34 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Mon, 13 May 2013 15:32:34 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.9d1bf9c5d6b9a610f0bd463a65ce8830@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by seth): > Any more preferences/ideas? What if we could use named types as ctors directly? {{{ type Foo: table[count] of string; global data = Foo(1 => "test"); type Bar: record { a: count; b: string; }; global data2 = Bar($a=1,$b="test"); }}} I can see how that could be a little confusing, but at least the parser could pick up on mis-use of types automatically and it's very clean to read although it does expand on the existing potential confusion between type ctors and functions. The one thing I do really like about this is that I feel like a lot of the current Bro auto typing magic (that fails in many situations) would disappear. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 08:57:46 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Mon, 13 May 2013 15:57:46 -0000 Subject: [Bro-Dev] #996: CPU pinning Message-ID: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> #996: CPU pinning -----------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | -----------------------------+------------------------ We need a broctl plugin that performs CPU pinning on FreeBSD and Linux. The plugin should add a new per-node option in node.cfg "pin_cpu" (with an alias "pin_cpus") that takes a comma separated list of numbers to represent the cores that someone is making available for Bro processes to be pinned to. I don't think that we need to do any verification on the numbers right now, users shouldn't give cores numbers that don't exist. Maybe we could check the status code from the tools that set cpu pinning? (assuming those fail if the core doesn't exist). The only side effect should be that the processes won't be pinned. Here's a full worker example: {{{ [worker-1] type=worker host=host1 interface=eth0 lb_method=pf_ring lb_procs=4 pin_cpus=5,6,7,8 }}} I think if a user provides fewer cores than they want to load balance across (i.e. lb_procs=10, pin_cpus=2,3) we should just start at the beginning of the pin_cpus list over and over so that in the case I just gave, cpu 2 and 3 would each have 5 processes pinned. At the moment I think we only need to support freebsd and linux with this feature. We have users that have done some work individually in this area. Linux: https://github.com/grigorescu/broctl/commit/114551d0e78b2603cfe5c33d65d1240e67d87846 FreeBSD: https://gist.github.com/sethhall/5569364 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 17:03:25 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 00:03:25 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.68c5557e7891f9ba7ca69934ade0a962@tracker.bro.org> #970: broctl stop/restart eating logs? -----------------------------+------------------------ Reporter: robin | Owner: dnthayer Type: Problem | Status: assigned Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * owner: => dnthayer * status: new => assigned * type: Merge Request => Problem Comment: The fix for preventing the premature delete looks a bit brittle to me. What if the archving needs longer than the time the script is waiting? With huge log files that can happen. Also, relying on all '*.*-*.log' go away makes me feal uneasy. Here's an alternative idea: - change archive-log to create a file ".archive-log.running..tmp" at startup, where pid is the PID of the archive-log instance. At termination, remove that file. - in post-terminate, wait until all ".archive-log.running.*.tmp" are gone, but keep checking if the PIDs are still active (easiest if the PID writing into the tmp file as well). If not, remove the file manually. Do you think that would work? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 17:05:22 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 00:05:22 -0000 Subject: [Bro-Dev] #972: Default arguments for functions In-Reply-To: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> References: <043.3f85826ab1ca109bbc1befbb9cd76ee4@tracker.bro.org> Message-ID: <058.889595036cd3c732a45a7999e043137b@tracker.bro.org> #972: Default arguments for functions ----------------------------+------------------------ Reporter: robin | Owner: robin Type: Merge Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:e89e8d73062ffe2872b4d7dab79010c42e894900/bro]: {{{ #!CommitTicketReference repository="bro" revision="e89e8d73062ffe2872b4d7dab79010c42e894900" Merge remote-tracking branch 'origin/topic/jsiwek/972' Closes #972. * origin/topic/jsiwek/972: Allow default function/hook/event parameters. Addresses #972. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 17:05:34 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 00:05:34 -0000 Subject: [Bro-Dev] #989: topic/dnthayer/cleanup2 In-Reply-To: <046.349f77fa6a6607106b6258a9a77624ab@tracker.bro.org> References: <046.349f77fa6a6607106b6258a9a77624ab@tracker.bro.org> Message-ID: <061.66747bb036628a3054bf33adae43d137@tracker.bro.org> #989: topic/dnthayer/cleanup2 ----------------------------+------------------------ Reporter: dnthayer | Owner: robin Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:6729e9c822bb8dcc9f794bada793b3c54034c49e/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="6729e9c822bb8dcc9f794bada793b3c54034c49e" Merge remote-tracking branch 'origin/topic/dnthayer/cleanup2' Closes #989. * origin/topic/dnthayer/cleanup2: Check exit status of croncmd Improve error checking of top helper output Improve error checking of capstats output Add more error reporting to broctl cron Fix a bug when the time command is not found Fix the broctl top and cron commands on OS X Fix a couple of bugs in the broctl ps plugin Revert commit a2a3b0d6fde97c1a4778c537865f5c891278517a Ignore stdout.log and stderr.log in post-terminate Remove unused broctl scripts Improve the check-pid helper script }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 17:05:34 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 00:05:34 -0000 Subject: [Bro-Dev] #993: The "--scriptdir" configure option is ignored by broctl In-Reply-To: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> References: <046.56275970eb15ef1a77e81e32a4555f51@tracker.bro.org> Message-ID: <061.59c049dd082dd39c08742d2bdbd1213a@tracker.bro.org> #993: The "--scriptdir" configure option is ignored by broctl ----------------------------+------------------------ Reporter: dnthayer | Owner: robin Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:19eb25de240b533573891fe9c5bc5bc72a92d9f2/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="19eb25de240b533573891fe9c5bc5bc72a92d9f2" Merge remote-tracking branch 'origin/topic/dnthayer/ticket993' Closes #993. * origin/topic/dnthayer/ticket993: Add support for the "--scriptdir" configure option }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 18:21:40 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 01:21:40 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.bb3e690eb89f02f6be997bf9e48f53ae@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by robin): The <> syntax would work well technically but it's not something we're using yet, so I'm reluctant on that as well. I like Seth's idea with using type names. That's indeed very readable. Actually it *improves* readability; with the standard record ctor, [...], it can be hard to figure out what type it eventually coerces into. Downside is obviously that it works only for named types, but for records that's not an issue and I think there are not that many other cases where one actually needs it (the original case in this ticket is one, but I don't think it's very common). (Not sure about the "=>" syntax for tables though) -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 18:44:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 01:44:32 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.408f89e54c73a7a4a8f92872ce6e47f6@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by seth): > (Not sure about the "=>" syntax for tables though) That was an accident. I meant to use the normal table syntax. :) -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Mon May 13 20:47:24 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 03:47:24 -0000 Subject: [Bro-Dev] #997: Merge sqlite reader/writer Message-ID: <044.b14c830e85128102a5f366fde64e30c6@tracker.bro.org> #997: Merge sqlite reader/writer ---------------------------+------------------------ Reporter: amannb | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ topic/bernhard/sqlite contains a sqlite logger and input reader. Both are pretty basic, but should work, basic test-cases are included; Bro does not seem to leak any memory when running those tests. It would be nice if someone could look over them / try to use them for something and see if they work outside of the few tests I created for them. We also still have to think about the problem of where to put the database files - that problem is not addressed in the current implementation. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Tue May 14 00:00:04 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 14 May 2013 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305140700.r4E704IP011086@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] Bro | 997 [3] | amannb | | Low | Merge sqlite reader/writer [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #997: http://tracker.bro.org/bro/ticket/997 From bro at tracker.bro.org Tue May 14 11:25:15 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 18:25:15 -0000 Subject: [Bro-Dev] #998: topic/dnthayer/cleanup3 Message-ID: <046.b5083b5c379120ad66e122683c979855@tracker.bro.org> #998: topic/dnthayer/cleanup3 ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | ---------------------------+------------------------ This branch contains fixes to broctl related to executing other programs, as well as a race condition in the broctl start command. Here are the one-line summaries of all commits in this branch: Fix usage of PF_RING interface containing semicolons Fix broctl exec command to check for errors Fix a race condition during broctl start Remove some dead code Fix exit status output in debug log -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 14 11:35:21 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 18:35:21 -0000 Subject: [Bro-Dev] #999: BiFs to control packet reading Message-ID: <042.c79506ca2f062223b90e9655436340f9@tracker.bro.org> #999: BiFs to control packet reading -----------------------------+------------------------ Reporter: seth | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | -----------------------------+------------------------ It would be handy to have BiFs to control packet reading if reading from a tracefile. This is coming up because someone wants to match intelligence data with the intelligence framework against tracefiles, but the intelligence loading is asynchronous so in some cases the tracefile has already finished by the time the intelligence is fully loaded. Two bifs like this would be handy: {{{ # Return true if the packet reading was "playing" function packet_reading_pause(): bool # Return true if the packet reading was "paused" function packet_reading_play(): bool }}} I think that by default Bro should in the "play" state to keep the current behavior. We could call packet_reading_pause() in bro_init or outside of an event handler to avoid reading packets after bro_init is dispatched. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 14 15:09:57 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 14 May 2013 22:09:57 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.2824f61f8c0fa7767e161d1e6589e5e6@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): I like the idea of allowing ctors via named types, too. A pitfall that came to mind was that it may result in more cases of running in to the issue in #248 (my proposal for a fix is explained in #327... should I flip that to a merge request? I was hesitant because there seemed like a lot of unresolved discussion already). But that's not really a new problem created by using named types as ctors, so I'll start working on adding that and see if I run in to other issues doing it that way. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 14 21:32:54 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 04:32:54 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.e1cba616be3708c9ececfc12b9d29695@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by vern): Yeah, I like type names for this too. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Wed May 15 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 15 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305150700.r4F703UB021705@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 982 [1] | jsiwek | | Low | topic/jsiwek/file-analysis [2] Bro | 997 [3] | amannb | | Low | Merge sqlite reader/writer BroControl | 998 [4] | dnthayer | | High | topic/dnthayer/cleanup3 [5] [1] #982: http://tracker.bro.org/bro/ticket/982 [2] file-analysis: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/file-analysis [3] #997: http://tracker.bro.org/bro/ticket/997 [4] #998: http://tracker.bro.org/bro/ticket/998 [5] cleanup3: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/cleanup3 From bro at tracker.bro.org Wed May 15 09:37:49 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 16:37:49 -0000 Subject: [Bro-Dev] #474: &raw_output turns null values into \0 In-Reply-To: <042.90caf928a006e009d5bc8e2933cc8fce@tracker.bro.org> References: <042.90caf928a006e009d5bc8e2933cc8fce@tracker.bro.org> Message-ID: <057.b02265ea54256c7691a49447ddaebe0c@tracker.bro.org> #474: &raw_output turns null values into \0 ----------------------+------------------------ Reporter: seth | Owner: jsiwek Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: preview ----------------------+------------------------ Comment (by robin): This generally sounds good to me. I admit that I don't have a good sense of all pontential implications, there might be some subtle ones, but assuming it doesn't break anything I'm fine applying it. Two questions: - what if a value that already has an attribute defined gets assigned to a local with an attribute. Does the latter still transfer over? Is it different depending whether it's the same attribute or not? - the one caveat I see is shared references: say one val is assigned to two locals with different values for the same attribute. It would depend on order what exactly happens, and in any case one assignment changes semantics somewhere else. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 11:04:04 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 18:04:04 -0000 Subject: [Bro-Dev] #999: BiFs to control packet reading In-Reply-To: <042.c79506ca2f062223b90e9655436340f9@tracker.bro.org> References: <042.c79506ca2f062223b90e9655436340f9@tracker.bro.org> Message-ID: <057.8950d988fbf8a6631f4aafcf3647a035@tracker.bro.org> #999: BiFs to control packet reading ------------------------------+------------------------ Reporter: seth | Owner: Type: Feature Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Rejected | Keywords: ------------------------------+------------------------ Changes (by seth): * status: new => closed * resolution: => Rejected Comment: Robin pointed out to me that we have this already. suspend_processing() and continue_process(). Closing! -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 11:38:01 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 18:38:01 -0000 Subject: [Bro-Dev] #1000: Merge sample sumstat plugin Message-ID: <044.bf25be86382e15426d3721d140967af0@tracker.bro.org> #1000: Merge sample sumstat plugin ---------------------------+------------------------ Reporter: amannb | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ topic/bernhard/metrics-samples contains a plugin for the sumstats framework which implements reservoir sampling, which gives uniformly distributed samples over the input stream. The current sample plugin which keeps a list of the last elements is renamed to last. I hope that I got the algorithm -- especially the merging -- right - but with probabilistic algorithms is is a little bit difficult to test. If someone could take a look at the observation and merge hooks and see if they agree with what I am doing I would be very grateful. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 15:22:42 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 22:22:42 -0000 Subject: [Bro-Dev] #982: topic/jsiwek/file-analysis In-Reply-To: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> References: <044.62a7d3a7b87d3c82b17137642aa083a2@tracker.bro.org> Message-ID: <059.df789993fedcfac97f26eb5502e922e5@tracker.bro.org> #982: topic/jsiwek/file-analysis ----------------------------+------------------------ Reporter: jsiwek | Owner: robin Type: Merge Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:e05064862107c1e2e1939b24fcc3445a79d73036/bro]: {{{ #!CommitTicketReference repository="bro" revision="e05064862107c1e2e1939b24fcc3445a79d73036" Merge branch 'topic/robin/file-analysis-merge' Closes #982. * topic/robin/file-analysis-merge: (64 commits) A few more small tweaks. Various smalle tweaks in preparation for merging. FileAnalysis: load custom mime magic database just once. Improve a libmagic-related error message. FileAnalysis: add is_orig field to fa_file & Info. FileAnalysis: inlined doc fixes. FileAnalysis: optimizate connection set updating. FileAnalysis: optimize file handle construction. FileAnalysis: workarounds for older libmagics. FileAnalysis: add custom libmagic database. FileAnalysis: change terminology s/action/analyzer FileAnalysis: libmagic tweaks. FileAnalysis: add bif for setting timeout interval FileAnalysis: add more params to some events. FileAnalysis: insert explicit event queue flush points. FileAnalysis: remove some file events. FileAnalysis: finish switching hooks to events. FileAnalysis: checkpoint in middle of big reorganization. FileAnalysis: fix file type canonification for file_analysis.log Revert "FileAnalysis: optimize get_file_handle event queueing." ... Conflicts: NEWS }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 15:24:05 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 22:24:05 -0000 Subject: [Bro-Dev] #1001: File analysis framework tasks Message-ID: <043.9c013e245588fe246d6f8a529a01a055@tracker.bro.org> #1001: File analysis framework tasks -------------------+------------------------ Reporter: robin | Owner: jsiwek Type: Task | Status: new Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | -------------------+------------------------ The core of the framework is merged now, a few remaining TODOs (excluding any larger script-layer changes Seth plans to do): - Use just hashes internally for tracking files, not unique strings. - Remove the script-level data-injection functions, as discussed. - Hook input framework with file analysis internally, likewise as discussed. - Remove postpone_timeout, replace with set_timeout. - Extend Doxygen comments. - Once plugin branch is merged: - move IRC_Data and FTP_Data over to corresponding plugins - move file_analysis.bif down into file_analysis - move to new plugin structure and separate out the analyzers into their own directories. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 16:05:59 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 23:05:59 -0000 Subject: [Bro-Dev] #1002: Merge new thread cleanup code Message-ID: <044.aeacefd901bb69438d337af478584646@tracker.bro.org> #1002: Merge new thread cleanup code ---------------------+------------------------ Reporter: amannb | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ topic/bernhard/thread-cleanup contains a change to the thread-cleanup code which changes how messages are exchanged on thread shutdown. The biggest change is that now messages from the thread to the parent are still executed until the child thread returns that it executed the finished message. That means the child thread can still push all its work on the queue before it is shut down. Queues are emptied by the parent thread until they receive the child thread notification that the shutdown has been processed. Before this change, all message processing was shut down the moment the master processed the finish-message, all data still in the queue from child to parent was lost. The change does not seem to have any adverse side effects, all tests still seem to pass. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 16:11:30 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 23:11:30 -0000 Subject: [Bro-Dev] #1003: Private record fields Message-ID: <043.6eadd20f423a47366ac56a3a9e618d2c@tracker.bro.org> #1003: Private record fields -----------------------------+------------------------ Reporter: robin | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro2.3 Component: Bro | Version: git/master Keywords: | -----------------------------+------------------------ I'm wondering if we could change record extension ("redef record XXX +=" ?) so that the new fields are only publicly visible if the extension is part of an export section; if not, only the defining namespace would be able to access them. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 16:16:40 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 15 May 2013 23:16:40 -0000 Subject: [Bro-Dev] #1002: Merge new thread cleanup code In-Reply-To: <044.aeacefd901bb69438d337af478584646@tracker.bro.org> References: <044.aeacefd901bb69438d337af478584646@tracker.bro.org> Message-ID: <059.12f8a4e9076c53e9283a3bc010f3570c@tracker.bro.org> #1002: Merge new thread cleanup code ----------------------------+------------------------ Reporter: amannb | Owner: Type: Merge Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by robin): * type: Problem => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 17:42:27 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 00:42:27 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode Message-ID: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ---------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ Bernhard and I have started to see this on two independent Fedora 18 machines running 4.7.2: With --enable-debug, everything runs fine. Without (and hence optimization turned on), a number of btests fail. Tracking down one, the attached trace yields the following output with {{{bro -C -r 2cx26uAvUPl testing/btest/core/conn-uid.bro}}} {{{ [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 }}} Correct is: {{{ [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 4JRWvfGWLMa [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 4JRWvfGWLMa }}} Valgrind reports a number of uninitialized memory error that seem related. I'm actually seeing this with 2.1 as well, so it doesn't seem to be anything recent; probably a compiler change that now triggers it. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 17:44:57 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 00:44:57 -0000 Subject: [Bro-Dev] #1005: Bro doesn't pickup in-tree magic db Message-ID: <043.364de1f21651c8f6066976dfb92a5b07@tracker.bro.org> #1005: Bro doesn't pickup in-tree magic db ---------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ When running Bro from inside {{{build/}}}, without installing first, I get {{{ internal error: can't load magic file /usr/local/bro/share/bro/magic: could not find any magic files! Aborted }}} I can work around by setting {{{BROMAGIC=../magic/}}} but we need some way to make it work directly, like with {{{BROPATH}}}. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 17:45:41 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 00:45:41 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode In-Reply-To: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> References: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> Message-ID: <058.b2352dc8ffc98da80e68fd49c3d70b26@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Description changed by robin: Old description: > Bernhard and I have started to see this on two independent Fedora 18 > machines running 4.7.2: > > With --enable-debug, everything runs fine. Without (and hence > optimization turned on), a number of btests fail. Tracking down one, the > attached trace yields the following output with {{{bro -C -r 2cx26uAvUPl > testing/btest/core/conn-uid.bro}}} > > {{{ > [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, > resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 > [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, > resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 > }}} > > Correct is: > {{{ > [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, > resp_p=80/tcp], 4JRWvfGWLMa > [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, > resp_p=80/tcp], 4JRWvfGWLMa > }}} > > Valgrind reports a number of uninitialized memory error that seem > related. > > I'm actually seeing this with 2.1 as well, so it doesn't seem to be > anything recent; probably a compiler change that now triggers it. New description: Bernhard and I have started to see this on two independent Fedora 18 machines running gcc 4.7.2: With --enable-debug, everything runs fine. Without (and hence optimization turned on), a number of btests fail. Tracking down one, the attached trace yields the following output with {{{bro -C -r 2cx26uAvUPl testing/btest/core/conn-uid.bro}}} {{{ [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 [orig_h=4087:d701::fbf5:5d00:0:0, orig_p=0/tcp, resp_h=a078:de02::92ce:5e00:0:0, resp_p=0/tcp], rkiDR8g5bV7 }}} Correct is: {{{ [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 4JRWvfGWLMa [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 4JRWvfGWLMa }}} Valgrind reports a number of uninitialized memory error that seem related. I'm actually seeing this with 2.1 as well, so it doesn't seem to be anything recent; probably a compiler change that now triggers it. -- -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 17:46:33 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 00:46:33 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode In-Reply-To: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> References: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> Message-ID: <058.9c7c60f58eba7ef5c626e6b7991c44a4@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by robin): A guess: it looks like it's in the IPAddr code somewhere, though maybe that's just a symptom. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 17:58:03 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 00:58:03 -0000 Subject: [Bro-Dev] #1005: Bro doesn't pickup in-tree magic db In-Reply-To: <043.364de1f21651c8f6066976dfb92a5b07@tracker.bro.org> References: <043.364de1f21651c8f6066976dfb92a5b07@tracker.bro.org> Message-ID: <058.9a971c5c029f90cfa3f02ffb98e84935@tracker.bro.org> #1005: Bro doesn't pickup in-tree magic db ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by seth): > I can work around by setting {{{BROMAGIC=../magic/}}} but we need some way > to make it work directly, like with {{{BROPATH}}}. I believe that Jon added that to the bro-path-dev.sh script. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:11:52 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:11:52 -0000 Subject: [Bro-Dev] #1005: Bro doesn't pickup in-tree magic db In-Reply-To: <043.364de1f21651c8f6066976dfb92a5b07@tracker.bro.org> References: <043.364de1f21651c8f6066976dfb92a5b07@tracker.bro.org> Message-ID: <058.d935e98f57318bb733968a558f5d0cee@tracker.bro.org> #1005: Bro doesn't pickup in-tree magic db -----------------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: closed Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied Comment: Ha, indeed. In fact I had seen that earlier but forgot; and my wrapper script was using only bro-path-dev, not bro-path-dev.sh and hence didn't pick it up. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:24:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:24:32 -0000 Subject: [Bro-Dev] #1003: Private record fields In-Reply-To: <043.6eadd20f423a47366ac56a3a9e618d2c@tracker.bro.org> References: <043.6eadd20f423a47366ac56a3a9e618d2c@tracker.bro.org> Message-ID: <058.ae56b301b36e3b81b6d6536c444a4a3d@tracker.bro.org> #1003: Private record fields ------------------------------+------------------------ Reporter: robin | Owner: robin Type: Feature Request | Status: closed Priority: Low | Milestone: Bro2.3 Component: Bro | Version: git/master Resolution: fixed | Keywords: ------------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:f76446fb4eb26c883e5a69b4e369734e8d06d1c1/bro]: {{{ #!CommitTicketReference repository="bro" revision="f76446fb4eb26c883e5a69b4e369734e8d06d1c1" Merge remote-tracking branch 'origin/topic/bernhard/metrics-samples' Closes #1003. * origin/topic/bernhard/metrics-samples: finishing touches, make test more robust, rename function in last again change names of data structures after talking with seth make last plugin nicer and samplify sqli detector add tests for sampler reservoir sampler. untested. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:24:32 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:24:32 -0000 Subject: [Bro-Dev] #997: Merge sqlite reader/writer In-Reply-To: <044.b14c830e85128102a5f366fde64e30c6@tracker.bro.org> References: <044.b14c830e85128102a5f366fde64e30c6@tracker.bro.org> Message-ID: <059.3864af8d07f302fe41061f1692da294b@tracker.bro.org> #997: Merge sqlite reader/writer ----------------------------+------------------------ Reporter: amannb | Owner: robin Type: Merge Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:358528732c8ff35aadac121f9dc8eaead61b851d/bro]: {{{ #!CommitTicketReference repository="bro" revision="358528732c8ff35aadac121f9dc8eaead61b851d" Merge branch 'topic/robin/sqlite-merge' Closes #997. * topic/robin/sqlite-merge: (25 commits) Fix to make sqlite test consistent, and updating coverage baselines Avoid a CMake warning about 3rdparty looking like a number. Fixing linker error. and there is no has-reader. make sqlite3 executable required and add test-cases for errors Renaming src/external -> src/3rdparty fix a few small rough edges (mostly comments that do no longer apply) fix bug in input-manager regarding enums that a writer reads without 0-terminating the string actually make sqlite work again (tests passed because the writer was not actually defined because of the define.) add sqlite distribution. fix warnings, update baselines, handle rotation add sqlite tests and fix small vector/set escaping bugs fix small bug with vectors and sets. make work with newer AsciiFormatter. start adding a different text for empty records for the sqlite writer. no, you will never guess from where I copied this file... make sqlite support more or less work for logging and input make sqlite-writer more stable. make it compile with new version of AsciiInputOutput and adapt to AsciiInputOutput - seems to work... ... Conflicts: scripts/base/frameworks/input/__load__.bro src/CMakeLists.txt src/input.bif src/input/Manager.cc src/main.cc src/types.bif testing/btest/Baseline/coverage.bare-load- baseline/canonified_loaded_scripts.log testing/btest/Baseline/coverage.default-load- baseline/canonified_loaded_scripts.log }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:25:15 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:25:15 -0000 Subject: [Bro-Dev] #998: topic/dnthayer/cleanup3 In-Reply-To: <046.b5083b5c379120ad66e122683c979855@tracker.bro.org> References: <046.b5083b5c379120ad66e122683c979855@tracker.bro.org> Message-ID: <061.506a858061aaaa2ca3cd75caf709838f@tracker.bro.org> #998: topic/dnthayer/cleanup3 ----------------------------+------------------------ Reporter: dnthayer | Owner: robin Type: Merge Request | Status: closed Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:7b19aa2d40094167eed509d19103be23257d9b1f/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="7b19aa2d40094167eed509d19103be23257d9b1f" Merge remote-tracking branch 'origin/topic/dnthayer/cleanup3' Closes #998. * origin/topic/dnthayer/cleanup3: Fix usage of PF_RING interface containing semicolons Fix broctl exec command to check for errors Fix a race condition during broctl start Remove some dead code Fix exit status output in debug log }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:25:31 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:25:31 -0000 Subject: [Bro-Dev] #1003: Private record fields In-Reply-To: <043.6eadd20f423a47366ac56a3a9e618d2c@tracker.bro.org> References: <043.6eadd20f423a47366ac56a3a9e618d2c@tracker.bro.org> Message-ID: <058.10b092acd8e69ff7203a17fe2381391b@tracker.bro.org> #1003: Private record fields ------------------------------+------------------------ Reporter: robin | Owner: robin Type: Feature Request | Status: reopened Priority: Low | Milestone: Bro2.3 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Changes (by robin): * status: closed => reopened * resolution: fixed => Comment: Oops, closed wrong ticket. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:26:12 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:26:12 -0000 Subject: [Bro-Dev] #1000: Merge sample sumstat plugin In-Reply-To: <044.bf25be86382e15426d3721d140967af0@tracker.bro.org> References: <044.bf25be86382e15426d3721d140967af0@tracker.bro.org> Message-ID: <059.c0731eb8317d635a2a1533f0031cc5cf@tracker.bro.org> #1000: Merge sample sumstat plugin -----------------------------+------------------------ Reporter: amannb | Owner: Type: Merge Request | Status: closed Priority: Low | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 15 18:26:26 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 01:26:26 -0000 Subject: [Bro-Dev] #1002: Merge new thread cleanup code In-Reply-To: <044.aeacefd901bb69438d337af478584646@tracker.bro.org> References: <044.aeacefd901bb69438d337af478584646@tracker.bro.org> Message-ID: <059.07bfe00847f9ebbc1c4817f5ea4771c6@tracker.bro.org> #1002: Merge new thread cleanup code -----------------------------+------------------------ Reporter: amannb | Owner: Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 13:34:21 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 20:34:21 -0000 Subject: [Bro-Dev] #474: &raw_output turns null values into \0 In-Reply-To: <042.90caf928a006e009d5bc8e2933cc8fce@tracker.bro.org> References: <042.90caf928a006e009d5bc8e2933cc8fce@tracker.bro.org> Message-ID: <057.8931ac2d20ef42bf9606990260f21783@tracker.bro.org> #474: &raw_output turns null values into \0 ----------------------+------------------------ Reporter: seth | Owner: jsiwek Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: preview ----------------------+------------------------ Comment (by jsiwek): Replying to [comment:13 robin]: > This generally sounds good to me. I admit that I don't have a good sense of all pontential implications, there might be some subtle ones, but assuming it doesn't break anything I'm fine applying it. It's been a while, I'll have to check again to see if it seems to break any of the tests (and I think I just noticed something about it that may leak memory). > - what if a value that already has an attribute defined gets assigned to a local with an attribute. Does the latter still transfer over? Is it different depending whether it's the same attribute or not? The local variable's attributes (if it has some) do always transfer to the value during the assignment, but maybe I'd call it an "overwrite" instead of a "transfer" since the value may lose attributes in the process if the local variable did not have the same ones. And note that &persistent and &synchronized are special cases in that they associate with variables, not values, so those attrs are never get lost once a variable has them. Another weird detail is that &default for tables will cache the first evaluation of the default expression and re-use the resulting value on later lookups. This means that new &default attrs may be propagated to a table val, but it may still be using a cached value from a previous &default attr if the table had been accessed at a missing index at least once. Should we remove the caching? That would also make non-const default expressions work (doesn't look like there's anything forbidding them currently, they just work oddly due to the caching). > - the one caveat I see is shared references: say one val is assigned to two locals with different values for the same attribute. It would depend on order what exactly happens, and in any case one assignment changes semantics somewhere else. Yeah, that's weird. Maybe if attributes were more closely tied to typing and then prevent assignment between different type+attrs? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 15:20:12 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 16 May 2013 22:20:12 -0000 Subject: [Bro-Dev] #1006: topic/dnthayer/broctl-testing Message-ID: <046.8bdcf826e8fe87f2956d3815443d8a31@tracker.bro.org> #1006: topic/dnthayer/broctl-testing ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | ---------------------------+------------------------ This branch contains an automated test suite for broctl. Included are tests of all broctl commands and plugins, and tests that broctl can read all three of its config files correctly. All tests rely on btest, and Makefile targets have been added to run all tests. Each test runs with its own unique Bro install prefix, so a test case does not have any affect on any others (the only exception is a small number of test cases that use broctl commands that rely on broccoli, but these have been serialized to avoid problems). There were two changes to broctl itself needed to support the test suite. First, the ability to specify the location of the broctl install via an environment variable (if not defined, then the hard-coded path is used instead) was added. Another change was to allow the manager in a cluster to be on localhost (in that case, all other nodes must also be on localhost). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 19:19:39 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 02:19:39 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists Message-ID: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> #1007: Broctl cron message if stats/www already exists ------------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | ------------------------+------------------------ The change to fix a dead lock issue in broctl is causing messages to come out through broctl cron. {{{ error running update-stats ['mkdir: /usr/local/bro/logs/stats/www: File exists'] }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 19:21:26 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 02:21:26 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists In-Reply-To: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> References: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> Message-ID: <057.5a97ad4955b2a49ac0d361b0148f3ee1@tracker.bro.org> #1007: Broctl cron message if stats/www already exists -------------------------+------------------------ Reporter: seth | Owner: seth Type: Problem | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: -------------------------+------------------------ Changes (by seth): * owner: => seth * status: new => closed * resolution: => fixed Comment: In [changeset:bf0b647dc6c0906efc887203f3ed46d38ab1bbbb/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="bf0b647dc6c0906efc887203f3ed46d38ab1bbbb" Stop trying to create the stats/www directory if it already exists. - Added quotes to deal with spaces in directory names. - Fixes #1007 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 19:21:52 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 02:21:52 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists In-Reply-To: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> References: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> Message-ID: <057.9caa4d99503d45153b0b196eb19a51c8@tracker.bro.org> #1007: Broctl cron message if stats/www already exists ----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: reopened Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by seth): * status: closed => reopened * type: Problem => Merge Request * resolution: fixed => -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 20:33:07 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 03:33:07 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists In-Reply-To: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> References: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> Message-ID: <057.584c70d08fa728da27c49fe712dd7b63@tracker.bro.org> #1007: Broctl cron message if stats/www already exists -----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: reopened => closed * resolution: => Solved/Applied Comment: Applied, however I'm not sure is fixes the issue: {{{mkdir -p}}} should be safe against the directory already existing. I believe the error messages indicates that a *file* of that name exists, in which case the new {{{-d}}} test will probably fail in the same way. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 21:07:08 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 04:07:08 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists In-Reply-To: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> References: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> Message-ID: <057.a1c6424fb7ef5517cc78bbb7de32f1e6@tracker.bro.org> #1007: Broctl cron message if stats/www already exists -----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Comment (by seth): > Applied, however I'm not sure is fixes the issue: {{{mkdir -p}}} should be > safe against the directory already existing. I believe the error messages > indicates that a *file* of that name exists, in which case the new > {{{-d}}} test will probably fail in the same way. Oh, the report I got must have just been a hang over from the old problem where the accidental www file was still in place. I'm hesitant to include a line which check to see if it's a file and deletes it though (essentially as a silent update). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 16 22:53:17 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 05:53:17 -0000 Subject: [Bro-Dev] #1007: Broctl cron message if stats/www already exists In-Reply-To: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> References: <042.f05f7e80733a12e497e1ad2589afe2e6@tracker.bro.org> Message-ID: <057.ca13a9cd9790aff30deffe63353fa032@tracker.bro.org> #1007: Broctl cron message if stats/www already exists -----------------------------+------------------------ Reporter: seth | Owner: seth Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Comment (by dnthayer): Replying to [comment:11 seth]: > > Applied, however I'm not sure is fixes the issue: {{{mkdir -p}}} should be > > safe against the directory already existing. I believe the error messages > > indicates that a *file* of that name exists, in which case the new > > {{{-d}}} test will probably fail in the same way. > > Oh, the report I got must have just been a hang over from the old problem where the accidental www file was still in place. I'm hesitant to include a line which check to see if it's a file and deletes it though (essentially as a silent update). Since we're using "mkdir -p www", we don't need a check if "www" is a directory (that's the point of the "-p" flag). If "www" is a file, then "mkdir -p" fails in the same way as just plain "mkdir" would, and the "-d" test doesn't make a difference in the outcome. I believe what's happening is that someone was running Bro 2.1, then the "www" file got created, then they updated to git master, and now an error message appears "mkdir: ... File exists". -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Fri May 17 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 17 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305170700.r4H7023D011640@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Fri May 17 07:59:36 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 14:59:36 -0000 Subject: [Bro-Dev] #1008: Fix for transaction ID reuse in DNS Message-ID: <042.56cb2f0f8fafb669d93a1a3db35f1e77@tracker.bro.org> #1008: Fix for transaction ID reuse in DNS ---------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ The update is in topic/seth/dns-dual-trans-id-fix in the Bro repository and the external and private repositories. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 17 08:28:51 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 15:28:51 -0000 Subject: [Bro-Dev] #1008: Fix for transaction ID reuse in DNS In-Reply-To: <042.56cb2f0f8fafb669d93a1a3db35f1e77@tracker.bro.org> References: <042.56cb2f0f8fafb669d93a1a3db35f1e77@tracker.bro.org> Message-ID: <057.1e9bf05dc76c6ef941f3096830139591@tracker.bro.org> #1008: Fix for transaction ID reuse in DNS ----------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => fixed Comment: In [changeset:1b20ae1b6efdb4e7fd74aef607a5f129f6c720ba/bro]: {{{ #!CommitTicketReference repository="bro" revision="1b20ae1b6efdb4e7fd74aef607a5f129f6c720ba" Merge remote-tracking branch 'origin/topic/seth/dns-dual-trans-id-fix' Closes #1008. * origin/topic/seth/dns-dual-trans-id-fix: Fix the issue with transaction ID reuse in a single DNS connection. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 17 15:15:28 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 17 May 2013 22:15:28 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode In-Reply-To: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> References: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> Message-ID: <058.4d457839fbe1145a05e04ba7104618c5@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): I can also reproduce this on Fedora 18. But the valgrind manual says: "If you are planning to use Memcheck: On rare occasions, compiler optimisations (at -O2 and above, and sometimes -O1) have been observed to generate code which fools Memcheck into wrongly reporting uninitialised value errors, or missing uninitialised value errors." So I'd expect valgrind to report problems most accurately without optimizations enabled and it doesn't show any. The symptoms do seem like they're a memory-related mishap, though... -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Fri May 17 18:17:17 2013 From: robin at icir.org (Robin Sommer) Date: Fri, 17 May 2013 18:17:17 -0700 Subject: [Bro-Dev] Plugin branch status Message-ID: <20130518011717.GB67280@icir.org> The plugin branch is almost ready for merging, except for some clean-up and missing API docs. It does two things: (1) Move all protocol analyzers over to new infrastructure code that's structured around standalone modules (plugins): everything that's part of an analyzer is now contained to a single directory (incl. C++ code, bif, pac). Currently all these plugins are still compiled in statically but in the future (not 2.2) there will also be an option to compile individual analyzers standalone into dynamic libraries. (2) Make analyzer activation/deactivation dynamic, controllable by function calls via the new analyzer framework (dpd_config is gone). In the future, the infrastructure for (1) will also faciliate moving other components to the plugin-model as well (e.g., readers/writers, packet sources) So, my question is if I should go ahead merging this into master for 2.2. At the user-level it doesn't change much other than what relates to (2), but internally it moves things move around quite a bit, including renaming analyzers classes and introducing an analyzer namespace. I think generally that's fine, but let me know what you think. Also, there's one particular issue coming with a merge that we would need to fix: the Broxygen docs for analyzer bifs are now spread out over many files, and look pretty ugly in the generated pages. I think what we'll need to do is switching from a purely file-based model to documenting semantic groups, like a specific analyzer. I don't think this will actually be too difficult, the plugin infrastructure comes with "introspection" functinality that gives you all bif elements that a plugin defines. I believe Broxygen could just go through and turn it into one corresponding pages (see below for output of the new "-N" switch that summarizes this information for all available plugins). However, it's probably still a bit of work to get this into a nice shape. So my question is, mostly for Jon: is that something we could tackle for 2.2 final (during beta would be ok)? If that's too much work to be realistic, I'm wondering if we should postpone the plugin branch for 2.3. Robin --------- cut ------------------------------------------------------- # bro -NN [...] Plugin: Bro::FTP - FTP analyzer (built-in) [Analyzer] FTP (ANALYZER_FTP, enabled) [Analyzer] FTP_ADAT (enabled) [Event] ftp_request [Event] ftp_reply [Type] ftp_port [Function] parse_ftp_port [Function] parse_eftp_port [Function] parse_ftp_pasv [Function] parse_ftp_epsv [Function] fmt_ftp_port [...] -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From seth at icir.org Fri May 17 19:55:16 2013 From: seth at icir.org (Seth Hall) Date: Fri, 17 May 2013 22:55:16 -0400 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <20130518011717.GB67280@icir.org> References: <20130518011717.GB67280@icir.org> Message-ID: On May 17, 2013, at 9:17 PM, Robin Sommer wrote: > So, my question is if I should go ahead merging this into master for > 2.2. I say let's go for it in 2.1, except that your point about the documentation is worth considering so it sounds like it's up to Jon. :) I could go along with it either way. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ From slagell at illinois.edu Fri May 17 21:53:11 2013 From: slagell at illinois.edu (Slagell, Adam J) Date: Sat, 18 May 2013 04:53:11 +0000 Subject: [Bro-Dev] Plugin branch status In-Reply-To: References: <20130518011717.GB67280@icir.org>, Message-ID: <6BC91FC2-0052-4A9F-AA88-298733722D4C@illinois.edu> On May 17, 2013, at 10:02 PM, "Seth Hall" wrote: > On May 17, 2013, at 9:17 PM, Robin Sommer wrote: > >> So, my question is if I should go ahead merging this into master for >> 2.2. > > I say let's go for it in 2.1, except that your point about the documentation is worth considering so it sounds like it's up to Jon. :) I would lean towards go for it even if there is not enough time in the beta to address the broxygen issues. From noreply at bro.org Sat May 18 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 18 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305180700.r4I7030i002647@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 65b5647 | Bernhard Amann | 2013-05-17 | (hopefully) fix mutex lock problem. [3] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing [3] fastpath: http://tracker.bro.org/bro/changeset/65b56479d2c0ee89231f2b3e9c21533f410bdddb/bro From noreply at bro.org Sun May 19 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 19 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305190700.r4J703Ja012938@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Sun May 19 13:05:25 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 19 May 2013 20:05:25 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.0a25e5844b73a7210468722dfae221ce@tracker.bro.org> #970: broctl stop/restart eating logs? -----------------------------+------------------------ Reporter: robin | Owner: dnthayer Type: Problem | Status: assigned Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Comment (by dnthayer): Replying to [comment:9 robin]: > > The fix for preventing the premature delete looks a bit brittle to me. > What if the archving needs longer than the time the script is waiting? > With huge log files that can happen. Also, relying on all '*.*-*.log' > go away makes me feal uneasy. If a log file takes more than 10 minutes (this number was chosen arbitrarily) to archive, then the tmp directory simply doesn't get deleted. In that case the problem is we don't know if archive-log is just slow or if it terminated prematurely (in which case the log file would never be archived, no matter how long we wait). > Here's an alternative idea: > > - change archive-log to create a file ".archive- log.running..tmp" > at startup, where pid is the PID of the archive-log instance. At > termination, remove that file. > > - in post-terminate, wait until all ".archive-log.running.*.tmp" > are gone, but keep checking if the PIDs are still active > (easiest if the PID writing into the tmp file as well). If not, > remove the file manually. > > Do you think that would work? If archive-log manages its own PID file, then we can get rid of the arbitrary 10 minute maximum waiting time, and just wait however long it takes for archive-log to finish. I will push this change soon. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Sun May 19 15:24:04 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 19 May 2013 22:24:04 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.a61836b0fbaf2618642df20dd6fb3943@tracker.bro.org> #970: broctl stop/restart eating logs? -----------------------------+------------------------ Reporter: robin | Owner: dnthayer Type: Problem | Status: assigned Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Comment (by Daniel Thayer ): In [changeset:fd39a32b3b04cff63625be97bd74f9298b19081a/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="fd39a32b3b04cff63625be97bd74f9298b19081a" Add PID file management to archive-log script Added PID file management to the archive-log script. This is used by the post-terminate script to monitor the status of the archive-log processes while post-terminate is waiting to remove the tmp directory. Removed the arbitrary 10 minute timeout from the post-terminate script. Instead, now post-terminate will wait as long as there is at least one instance of archive-log running. Addresses #970. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Sun May 19 15:25:16 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sun, 19 May 2013 22:25:16 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.347dcb4f6c6ae044d07f0cdf3a7aade2@tracker.bro.org> #970: broctl stop/restart eating logs? -----------------------------+------------------------ Reporter: robin | Owner: dnthayer Type: Merge Request | Status: assigned Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by dnthayer): * type: Problem => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Mon May 20 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 20 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305200700.r4K703YU017843@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 970 [1] | robin | dnthayer | High | broctl stop/restart eating logs? BroControl | 1006 [2] | dnthayer | | Medium | topic/dnthayer/broctl-testing [3] [1] #970: http://tracker.bro.org/bro/ticket/970 [2] #1006: http://tracker.bro.org/bro/ticket/1006 [3] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From jsiwek at illinois.edu Mon May 20 07:43:52 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Mon, 20 May 2013 14:43:52 +0000 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <20130518011717.GB67280@icir.org> References: <20130518011717.GB67280@icir.org> Message-ID: On May 17, 2013, at 8:17 PM, Robin Sommer wrote: > > So my question is, mostly for Jon: is that something we could tackle > for 2.2 final (during beta would be ok)? It will probably be fine as long as we're doing a "when it's ready" final release and not some specific deadline. If it's the later, I'll have to look more at what will be involved before I can say. - Jon From seth at icir.org Mon May 20 08:19:22 2013 From: seth at icir.org (Seth Hall) Date: Mon, 20 May 2013 11:19:22 -0400 Subject: [Bro-Dev] Plugin branch status In-Reply-To: References: <20130518011717.GB67280@icir.org> Message-ID: <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> On May 20, 2013, at 10:43 AM, "Siwek, Jonathan Luke" wrote: > It will probably be fine as long as we're doing a "when it's ready" final release and not some specific deadline. If it's the later, I'll have to look more at what will be involved before I can say. I'm ok with sticking with soft timetables on this. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ From noreply at bro.org Tue May 21 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 21 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305210700.r4L7039D003299@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 970 [1] | robin | dnthayer | High | broctl stop/restart eating logs? BroControl | 1006 [2] | dnthayer | | Medium | topic/dnthayer/broctl-testing [3] [1] #970: http://tracker.bro.org/bro/ticket/970 [2] #1006: http://tracker.bro.org/bro/ticket/1006 [3] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Tue May 21 14:50:09 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 21 May 2013 21:50:09 -0000 Subject: [Bro-Dev] #988: Bug in HTTP body extraction In-Reply-To: <046.e98622bfacb442ab1adf8a4c4fe0b381@tracker.bro.org> References: <046.e98622bfacb442ab1adf8a4c4fe0b381@tracker.bro.org> Message-ID: <061.6fb9b5ee381b32c54f7e2f4f18d06eac@tracker.bro.org> #988: Bug in HTTP body extraction -----------------------+--------------------------- Reporter: matthias | Owner: seth Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: file-analysis -----------------------+--------------------------- Comment (by jsiwek): In [changeset:705a84d688fc0726459acca732a57156afad4b06/bro]: {{{ #!CommitTicketReference repository="bro" revision="705a84d688fc0726459acca732a57156afad4b06" Improve tracking of HTTP file extraction (addresses #988). http.log now has files taken from request and response bodies in different fields for each, and can now track multiple files per body. That is, the "extraction_file" field is now "extracted_request_files" and "extracted_response_files". }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Tue May 21 19:48:18 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 22 May 2013 02:48:18 -0000 Subject: [Bro-Dev] #1009: topic/seth/sumstats-updates Message-ID: <042.2b22d49ed7469e76bedeb32025fc0d18@tracker.bro.org> #1009: topic/seth/sumstats-updates ---------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ Lots of smallish updates in this one. I think I've addressed all of the nits that Robin pointed out in sumstats too. The external test suites didn't require any updates so no merged in those repositories. Some commit notes follow: - On-demand access to sumstats results through "return from" functions named SumStats::request and Sumstats::request_key. Both functions are tested in standalone and clustered modes. - $name field has returned to SumStats which simplifies cluster code and makes the on-demand access stuff possible. - Clustered results can only be collected for 1 minute from their time of creation now instead of time of last read. - Thresholds use doubles instead of counts everywhere now. - Calculation dependency resolution occurs at start up time now instead of doing it at observation time which provide a minor cpu performance improvement. A new plugin registration mechanism was created to support this change. - AppStats now has a minimal doc string and is broken into hook-based plugins. - AppStats and traceroute detection added to local.bro -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Wed May 22 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 22 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305220700.r4M703gd031431@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 1009 [1] | seth | robin | Medium | topic/seth/sumstats-updates [2] BroControl | 970 [3] | robin | dnthayer | High | broctl stop/restart eating logs? BroControl | 1006 [4] | dnthayer | | Medium | topic/dnthayer/broctl-testing [5] [1] #1009: http://tracker.bro.org/bro/ticket/1009 [2] sumstats-updates: http://tracker.bro.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/seth/sumstats-updates [3] #970: http://tracker.bro.org/bro/ticket/970 [4] #1006: http://tracker.bro.org/bro/ticket/1006 [5] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Wed May 22 14:08:46 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 22 May 2013 21:08:46 -0000 Subject: [Bro-Dev] #996: CPU pinning In-Reply-To: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> References: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> Message-ID: <057.341e72595ebe61982a16b689482d8867@tracker.bro.org> #996: CPU pinning ------------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by Daniel Thayer ): In [changeset:95d1f8d1caf00af973a1e2631703ea4edd5b6cdc/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="95d1f8d1caf00af973a1e2631703ea4edd5b6cdc" Add support for CPU pinning Added support for CPU pinning. To use CPU pinning, a new per-node option "pin_cpus" must be specified in node.cfg, and the OS must be either Linux or FreeBSD (if such a node.cfg is used on another OS, then the "pin_cpus" option is ignored). CPU pinning only applies to Bro itself, not to other processes that might be executed (such as helper scripts). If the user specifies an invalid CPU number, then the affected Bro processes will not start, and an error message will be visible with the broctl diag command. Addresses #996. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 22 15:21:06 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 22 May 2013 22:21:06 -0000 Subject: [Bro-Dev] #920: Have broctl return useful exit codes In-Reply-To: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> References: <048.810250bf9909bb4bfc0a6a9683024571@tracker.bro.org> Message-ID: <063.299ae3ac3cb6e952eb48c1a95b70fbf6@tracker.bro.org> #920: Have broctl return useful exit codes -------------------------+------------------------ Reporter: grigorescu | Owner: dnthayer Type: Patch | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by Daniel Thayer ): In [changeset:4274c596d7429c299467130d8816ea97aebe25bc/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="4274c596d7429c299467130d8816ea97aebe25bc" Have broctl return a useful exit code Applied patch from Vlad Grigorescu. Addresses #920. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Wed May 22 15:25:21 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 22 May 2013 22:25:21 -0000 Subject: [Bro-Dev] #996: CPU pinning In-Reply-To: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> References: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> Message-ID: <057.288768cd2642a07b65ecfa5322bdf0b4@tracker.bro.org> #996: CPU pinning ----------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Merge Request | Status: new Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by dnthayer): * type: Feature Request => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From seth at icir.org Wed May 22 18:59:28 2013 From: seth at icir.org (Seth Hall) Date: Wed, 22 May 2013 21:59:28 -0400 Subject: [Bro-Dev] [Bro-Commits] [git/broctl] topic/dnthayer/cpupin: Add support for CPU pinning (95d1f8d) In-Reply-To: <201305222108.r4ML8keZ015737@bro-ids.icir.org> References: <201305222108.r4ML8keZ015737@bro-ids.icir.org> Message-ID: Thanks for taking on this ticket! I have a few questions though. - Why did you choose not to implement this as a plugin? - Regarding the "Make sure list is at least as long as number of worker processes" comment, does it make more sense to do it that way, or to loop back around to the beginning of the list, or to leave the extra processes unpinned? I think I can understand why you did it that way and I think I might agree actually. - What was the reason for running Bro with the cpu pinning program instead of allowing the process to start and then pinning it? Thanks! .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ From bro at tracker.bro.org Wed May 22 19:07:17 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 23 May 2013 02:07:17 -0000 Subject: [Bro-Dev] #1009: topic/seth/sumstats-updates In-Reply-To: <042.2b22d49ed7469e76bedeb32025fc0d18@tracker.bro.org> References: <042.2b22d49ed7469e76bedeb32025fc0d18@tracker.bro.org> Message-ID: <057.27f749a33623a132856ad74489185cac@tracker.bro.org> #1009: topic/seth/sumstats-updates ----------------------+------------------------ Reporter: seth | Owner: robin Type: Problem | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Changes (by seth): * type: Merge Request => Problem Comment: I'm still seeing trouble with this (manager memory) so I'm going to delay the merge request. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Thu May 23 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 23 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305230700.r4N702Jr029752@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 970 [1] | robin | dnthayer | High | broctl stop/restart eating logs? BroControl | 996 [2] | seth | dnthayer | High | CPU pinning BroControl | 1006 [3] | dnthayer | | Medium | topic/dnthayer/broctl-testing [4] [1] #970: http://tracker.bro.org/bro/ticket/970 [2] #996: http://tracker.bro.org/bro/ticket/996 [3] #1006: http://tracker.bro.org/bro/ticket/1006 [4] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From robin at icir.org Thu May 23 16:11:11 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 23 May 2013 16:11:11 -0700 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> References: <20130518011717.GB67280@icir.org> <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> Message-ID: <20130523231111.GV8596@icir.org> On Mon, May 20, 2013 at 11:19 -0400, you wrote: > I'm ok with sticking with soft timetables on this. Fine with me too. I'll go ahead thyen and get the branch into mergeable state. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From noreply at bro.org Fri May 24 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 24 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305240700.r4O703ST031126@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 970 [1] | robin | dnthayer | High | broctl stop/restart eating logs? BroControl | 996 [2] | seth | dnthayer | High | CPU pinning BroControl | 1006 [3] | dnthayer | | Medium | topic/dnthayer/broctl-testing [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | e459335 | Jon Siwek | 2013-05-23 | Fix broken/missing documentation. [5] [1] #970: http://tracker.bro.org/bro/ticket/970 [2] #996: http://tracker.bro.org/bro/ticket/996 [3] #1006: http://tracker.bro.org/bro/ticket/1006 [4] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing [5] fastpath: http://tracker.bro.org/bro/changeset/e45933562e15a1af1ecd50bf0e8c0a4de02b4c3f/bro From nicolas.retrain at cea.fr Fri May 24 02:04:35 2013 From: nicolas.retrain at cea.fr (nicolas.retrain at cea.fr) Date: Fri, 24 May 2013 11:04:35 +0200 Subject: [Bro-Dev] SMB analyzer Message-ID: <519F2D23.3020009@cea.fr> Hi, sorry to bother you again. Today I am looking at the SMB Analyzer, and I have few questions. -Why did you choose to anlayse the SNIA-CIFS version, and not the others ? (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new dialects and don't match anymore :s . (I know, the SMB documentation is a real mess.. ). -Some events are not well written into the event.bif : For instance, the smb_com_negotiate event is build with 3 arguments 336 vl->append(analyzer->BuildConnVal()); 337 vl->append(BuildHeaderVal(hdr)); 338 vl->append(t); // which are the possible dialects 339 340 analyzer->ConnectionEvent(smb_com_negotiate, vl); But in the event.bif the event is declared as follow without the last argument: 3851 event smb_com_negotiate%(c: connection, hdr: smb_hdr%); -If I would add some parts of an other dialect, how should I implement it ? Add a dialect field in the SMB_session, and duplicate binpac if the protocols are different? Nicolas From seth at icir.org Fri May 24 06:32:34 2013 From: seth at icir.org (Seth Hall) Date: Fri, 24 May 2013 09:32:34 -0400 Subject: [Bro-Dev] SMB analyzer In-Reply-To: <519F2D23.3020009@cea.fr> References: <519F2D23.3020009@cea.fr> Message-ID: <5B06836D-DB5D-488E-9DDB-69963E327975@icir.org> On May 24, 2013, at 5:04 AM, nicolas.retrain at cea.fr wrote: > Today I am looking at the SMB Analyzer, and I have few questions. > -Why did you choose to anlayse the SNIA-CIFS version, and not the others > ? (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new > dialects and don't match anymore :s . (I know, the SMB documentation is > a real mess.. ). Why do you say that we are implementing the SNIA-CIFS version? > -Some events are not well written into the event.bif : > For instance, the smb_com_negotiate event is build with 3 arguments What's in the release is not where the current development is. The current version of the development is in the topic/seth/smb-smb2-work branch. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ From nicolas.retrain at cea.fr Fri May 24 06:58:03 2013 From: nicolas.retrain at cea.fr (nicolas.retrain at cea.fr) Date: Fri, 24 May 2013 15:58:03 +0200 Subject: [Bro-Dev] SMB analyzer In-Reply-To: <5B06836D-DB5D-488E-9DDB-69963E327975@icir.org> References: <519F2D23.3020009@cea.fr> <5B06836D-DB5D-488E-9DDB-69963E327975@icir.org> Message-ID: <519F71EB.8040602@cea.fr> Le 24/05/2013 15:32, Seth Hall a ?crit : > On May 24, 2013, at 5:04 AM, nicolas.retrain at cea.fr wrote: > >> Today I am looking at the SMB Analyzer, and I have few questions. >> -Why did you choose to anlayse the SNIA-CIFS version, and not the others >> ? (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new >> dialects and don't match anymore :s . (I know, the SMB documentation is >> a real mess.. ). > Why do you say that we are implementing the SNIA-CIFS version? Because the version is given in the SMB.h file. Also, I have started to compare the SNIA documentation with the binpac code, and I confirm the SNIA version. > >> -Some events are not well written into the event.bif : >> For instance, the smb_com_negotiate event is build with 3 arguments > > What's in the release is not where the current development is. The current version of the development is in the topic/seth/smb-smb2-work branch. ho.. so someone is still working on it? It has changed a lot, I will look closer at this branch. It will be merged for the next release? Nicolas > .Seth > > -- > Seth Hall > International Computer Science Institute > (Bro) because everyone has a network > http://www.bro.org/ > From seth at icir.org Fri May 24 07:13:26 2013 From: seth at icir.org (Seth Hall) Date: Fri, 24 May 2013 10:13:26 -0400 Subject: [Bro-Dev] SMB analyzer In-Reply-To: <519F71EB.8040602@cea.fr> References: <519F2D23.3020009@cea.fr> <5B06836D-DB5D-488E-9DDB-69963E327975@icir.org> <519F71EB.8040602@cea.fr> Message-ID: <192E5C61-52A6-4455-9750-1DE7D54C05B2@icir.org> On May 24, 2013, at 9:58 AM, nicolas.retrain at cea.fr wrote: >> What's in the release is not where the current development is. The current version of the development is in the topic/seth/smb-smb2-work branch. > ho.. so someone is still working on it? It has changed a lot, I will look closer at this branch. > It will be merged for the next release? I've been working on it for a while, but I've been delayed lately so that we could integrate the SMB analyzer with the upcoming file analysis framework. It's not going to be ready for the next release, but it's still planned for future release. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ From bro at tracker.bro.org Fri May 24 10:14:37 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 24 May 2013 17:14:37 -0000 Subject: [Bro-Dev] #1010: BroControl plugin for adding environment variables Message-ID: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> #1010: BroControl plugin for adding environment variables -----------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | -----------------------------+------------------------ We should have the ability to add environment variables to Bro at start up time. The option should be available globally in broctl.cfg and per-node in node.cfg. The environments variables should be applied to the process with priority based on how specific the variable is applied (per-node variables defined after global variables so that the per-node variable is used). As a name suggestion for the configuration option: env_vars (same name in node.cfg and broctl.cfg). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 24 10:14:44 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 24 May 2013 17:14:44 -0000 Subject: [Bro-Dev] #1010: BroControl plugin for adding environment variables In-Reply-To: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> References: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> Message-ID: <057.1941ff99f8aa46bc780b10f08a791461@tracker.bro.org> #1010: BroControl plugin for adding environment variables ------------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Changes (by seth): * component: Bro => BroControl -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 24 11:31:28 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 24 May 2013 18:31:28 -0000 Subject: [Bro-Dev] #1010: BroControl plugin for adding environment variables In-Reply-To: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> References: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> Message-ID: <057.623ef73bcbe2f87f0644aaa1b2d15e14@tracker.bro.org> #1010: BroControl plugin for adding environment variables ------------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by dnthayer): I've attached an example plugin to demonstrate what users can do now (just copy it to the plugins directory; no other changes needed). Is there some additional functionality that is needed? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 24 11:37:19 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 24 May 2013 18:37:19 -0000 Subject: [Bro-Dev] #1010: BroControl plugin for adding environment variables In-Reply-To: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> References: <042.6f4e2d24401d8353a46d8eb4e4a37862@tracker.bro.org> Message-ID: <057.e81fefb6f1a0eed8d332b7b5b62fd631@tracker.bro.org> #1010: BroControl plugin for adding environment variables ------------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by seth): > I've attached an example plugin to demonstrate what users can do now > (just copy it to the plugins directory; no other changes needed). > > Is there some additional functionality that is needed? Cool, could you abstract that a bit more so that we could have an env_vars configuration option? Like in nodes.cfs: {{{ [worker-1] type=worker host=host3 interface=eth0 lb_method=myricom lb_procs=10 env_var=SOME_VAR=4 env_var=ANOTHER_VAR=test }}} And you could have this in broctl.cfg: {{{ env_vars="SOME_VAR=4 ANOTHER_VAR=test" }}} There is probably some detail involving the quotes that I'm getting wrong, but I think the idea gets across. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Fri May 24 18:10:19 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 25 May 2013 01:10:19 -0000 Subject: [Bro-Dev] #970: broctl stop/restart eating logs? In-Reply-To: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> References: <043.5d6412f7ce4509d8495a47e06660809a@tracker.bro.org> Message-ID: <058.e40bc832c556013e89fb38d3e61dc18a@tracker.bro.org> #970: broctl stop/restart eating logs? ----------------------------+------------------------ Reporter: robin | Owner: dnthayer Type: Merge Request | Status: closed Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: assigned => closed * resolution: Solved/Applied => fixed Comment: In [changeset:0965069a1bb66161bf5b01fd8f39df77d248ee8b/broctl]: {{{ #!CommitTicketReference repository="broctl" revision="0965069a1bb66161bf5b01fd8f39df77d248ee8b" Merge remote-tracking branch 'origin/topic/dnthayer/bug970' Reducing the "sleep" time to 1s. Closes #970 * origin/topic/dnthayer/bug970: Add PID file management to archive-log script Allow multiple conn-summary.log files to be processed Prevent deletion of unarchived logs during broctl stop }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sat May 25 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 25 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305250700.r4P703v4008580@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 996 [1] | seth | dnthayer | High | CPU pinning BroControl | 1006 [2] | dnthayer | | Medium | topic/dnthayer/broctl-testing [3] [1] #996: http://tracker.bro.org/bro/ticket/996 [2] #1006: http://tracker.bro.org/bro/ticket/1006 [3] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Sat May 25 08:00:03 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 25 May 2013 15:00:03 -0000 Subject: [Bro-Dev] #996: CPU pinning In-Reply-To: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> References: <042.eaea9533afae2379ec4b049cde3a3a5d@tracker.bro.org> Message-ID: <057.3cab5bb9bdd9864373b201838f8d6447@tracker.bro.org> #996: CPU pinning -----------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Merge Request | Status: closed Priority: High | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Sun May 26 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 26 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305260700.r4Q703K3030044@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From noreply at bro.org Mon May 27 00:00:02 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 27 May 2013 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305270700.r4R702re010492@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Mon May 27 07:20:31 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Mon, 27 May 2013 14:20:31 -0000 Subject: [Bro-Dev] #1011: username/password authentication for SOCKS5 Message-ID: <045.456bd7abeb961c0f99dc5d162a4c570e@tracker.bro.org> #1011: username/password authentication for SOCKS5 ------------------------+------------------- Reporter: nicolas | Type: Patch Status: new | Priority: Low Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+------------------- Patch the bug explained below : It appears using the username authentication with SOCKS 5. After the client and the server have chosen the username authentication, the client has to send the following packet : Client request (RFC 1929) : +----+------+----------+------+----------+ |VER | ULEN | UNAME | PLEN | PASSWD | +----+------+----------+------+----------+ | 1 | 1 | 1 to 255 | 1 | 1 to 255 | +----+------+----------+------+----------+ Here the first byte must be 0x1, it specifies the version of the authentication mechanisme, not the SOCKS version (0x5) like in all others packets. However in the socks-protocol.pac the type SOCKS_Version never parses data if the first byte is 0x1, and it goes to an error. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Tue May 28 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 28 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305280700.r4S703T7030437@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bcc81a1 | Bernhard Amann | 2013-05-27 | Sorry, that libmagic version actually might have some problems - at least on the linux distribution I have access to. So... it was a bad idea. [3] bro | 04dd363 | Bernhard Amann | 2013-05-27 | accept libmagic starting from 5.03 [4] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing [3] fastpath: http://tracker.bro.org/bro/changeset/bcc81a1a143c2715240e9822c0c52760bc9b5006/bro [4] fastpath: http://tracker.bro.org/bro/changeset/04dd363279283c56d205f0979aaa09aa70409391/bro From vallentin at icir.org Tue May 28 12:34:15 2013 From: vallentin at icir.org (Matthias Vallentin) Date: Tue, 28 May 2013 12:34:15 -0700 Subject: [Bro-Dev] Serialization type of internal data structures Message-ID: I am in the process of making a bit vector class serializable, but this class does not directly correspond to a value at script land, rather, Bloom filters will use this data structure internally. Making a class serializable involves adding a new unique identifier in SerialTypes.h. However, I am unsure which macro to use for the bit vector class, which serves as internal building block not exposed to script land. (That is, SERIAL_VAL would not make sense.) Would SERIAL_CONST2 coupled with SERIAL_IS fit here? Matthias From bro at tracker.bro.org Tue May 28 14:26:54 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Tue, 28 May 2013 21:26:54 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode In-Reply-To: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> References: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> Message-ID: <058.3072ab5044dc247dc4e9fc4bd2339a6a@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [changeset:22a4113ac3e0a9c977fd51f429c385ba0f2ea1a2/bro]: {{{ #!CommitTicketReference repository="bro" revision="22a4113ac3e0a9c977fd51f429c385ba0f2ea1a2" Dangling pointer fix. Addresses #1004. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Wed May 29 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 29 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305290700.r4T703ga005068@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 22a4113 | Jon Siwek | 2013-05-28 | Dangling pointer fix. Addresses #1004. [3] bro | bcc81a1 | Bernhard Amann | 2013-05-27 | Sorry, that libmagic version actually might have some problems - at least on the linux distribution I have access to. So... it was a bad idea. [4] bro | 04dd363 | Bernhard Amann | 2013-05-27 | accept libmagic starting from 5.03 [5] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing [3] fastpath: http://tracker.bro.org/bro/changeset/22a4113ac3e0a9c977fd51f429c385ba0f2ea1a2/bro [4] fastpath: http://tracker.bro.org/bro/changeset/bcc81a1a143c2715240e9822c0c52760bc9b5006/bro [5] fastpath: http://tracker.bro.org/bro/changeset/04dd363279283c56d205f0979aaa09aa70409391/bro From bro at tracker.bro.org Wed May 29 08:02:16 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Wed, 29 May 2013 15:02:16 -0000 Subject: [Bro-Dev] #1004: Uninitialized memory error in optimized mode In-Reply-To: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> References: <043.b968fc4b04c4a5526ac41e67ac445b8e@tracker.bro.org> Message-ID: <058.787b200f8230f38b197462275305b9bc@tracker.bro.org> #1004: Uninitialized memory error in optimized mode ----------------------+------------------------ Reporter: robin | Owner: robin Type: Problem | Status: closed Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [changeset:965a26e447267086f53541c534b95eeca12fee9c/bro]: {{{ #!CommitTicketReference repository="bro" revision="965a26e447267086f53541c534b95eeca12fee9c" Merge remote-tracking branch 'origin/fastpath' Closes #1004. Great job tracking this down! * origin/fastpath: Dangling pointer fix. Addresses #1004. Sorry, that libmagic version actually might have some problems - at least on the linux distribution I have access to. So... it was a bad idea. accept libmagic starting from 5.03 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Thu May 30 00:00:05 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 30 May 2013 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305300700.r4U705Qr028152@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ BroControl | 1006 [1] | dnthayer | | Medium | topic/dnthayer/broctl-testing [2] [1] #1006: http://tracker.bro.org/bro/ticket/1006 [2] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Thu May 30 09:59:11 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 30 May 2013 16:59:11 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.1965f5b415096f1778f90c137a4d3bca@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [changeset:a0ad87b4c2ac9c1028d7c22f231d57c5d6fa5184/bro]: {{{ #!CommitTicketReference repository="bro" revision="a0ad87b4c2ac9c1028d7c22f231d57c5d6fa5184" Allow named record constructors. Addresses #983. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 30 09:59:11 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 30 May 2013 16:59:11 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.4793096366969e0ae7f258c78747205f@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [changeset:bcf5c41786d981b04ed62629fb8db03677f3e700/bro]: {{{ #!CommitTicketReference repository="bro" revision="bcf5c41786d981b04ed62629fb8db03677f3e700" Allow named table constructors. Addresses #983. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 30 09:59:11 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 30 May 2013 16:59:11 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.4eab7b7636e9756cfaa46d2a29e5a804@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [changeset:a66b7380b6690003c1b0f321f4f7459a8469a901/bro]: {{{ #!CommitTicketReference repository="bro" revision="a66b7380b6690003c1b0f321f4f7459a8469a901" Allow named vector constructors. Addresses #983. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 30 09:59:11 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 30 May 2013 16:59:11 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.5475754648c2ae255ce612990e396b86@tracker.bro.org> #983: Deep typing bug ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by jsiwek): In [changeset:b256642f273e4b53cd9520acebd3bf5b4fdde60d/bro]: {{{ #!CommitTicketReference repository="bro" revision="b256642f273e4b53cd9520acebd3bf5b4fdde60d" Allow named set constructors. Addresses #983. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro.org Thu May 30 11:30:09 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Thu, 30 May 2013 18:30:09 -0000 Subject: [Bro-Dev] #983: Deep typing bug In-Reply-To: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> References: <042.b93ebf52960db1e042b5f1f39a5358cc@tracker.bro.org> Message-ID: <057.071d8574c315ad846d009890ac8f10ac@tracker.bro.org> #983: Deep typing bug ----------------------------+------------------------ Reporter: seth | Owner: Type: Merge Request | Status: new Priority: High | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Problem => Merge Request Comment: Fix/workaround in `topic/jsiwek/983`. -- Ticket URL: Bro Tracker Bro Issue Tracker From jsiwek at illinois.edu Thu May 30 15:09:29 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Thu, 30 May 2013 22:09:29 +0000 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <20130523231111.GV8596@icir.org> References: <20130518011717.GB67280@icir.org> <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> <20130523231111.GV8596@icir.org> Message-ID: I started looking over the plugin branch (not done yet), it looks nice so far. One thing I see is that it uses CMake object library targets (e.g. "add_library( OBJECT )"), which became available in v2.8.8. That's recent enough such that none of the platforms on our testbed meet that requirement using the CMake package in their official OS repositories. So as it is, I think it would become a common thing for someone trying to build Bro to have to get a sufficient CMake version from a place other than what their OS repos provide. IMO, that's fine, just not sure if it was anticipated and fine with others as well? - Jon From robin at icir.org Thu May 30 15:33:15 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 30 May 2013 15:33:15 -0700 Subject: [Bro-Dev] Plugin branch status In-Reply-To: References: <20130518011717.GB67280@icir.org> <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> <20130523231111.GV8596@icir.org> Message-ID: <20130530223315.GI75431@icir.org> On Thu, May 30, 2013 at 22:09 +0000, you wrote: > other than what their OS repos provide. IMO, that's fine, just not > sure if it was anticipated and fine with others as well? Interesting that you ask, I was actually about to write an email about this. :) I'm aware that this a recent CMake feature. I have used it for now because it feels like the right thing to do here. The alternative would be creating lots of *.a libraries and then linking them all in. That should work too, but it's not really nice. (One probably could also manually collect all the *.o across the sub-dirs, but that's even worse I think). I wanted to pose exactly the question you bring up: what cmake version can we require these days? I'd be reluctant to up the requirement if it meant installing new cmakes for a large share of our users. From your mail it sounds like that could be the the case. If so, I think I'd actually prefer the *.a version for now and we could switch over to object libraries at a later time as >= 2.8.8 becomes more common. Let me know any other feedback you have on the branch. I'll do a little bit more cleanup and documetnation, maybe even later today. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From robin at icir.org Thu May 30 19:21:05 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 30 May 2013 19:21:05 -0700 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <20130530223315.GI75431@icir.org> References: <20130518011717.GB67280@icir.org> <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> <20130523231111.GV8596@icir.org> <20130530223315.GI75431@icir.org> Message-ID: <20130531022105.GA35108@icir.org> On Thu, May 30, 2013 at 15:33 -0700, I wrote: > because it feels like the right thing to do here. The alternative > would be creating lots of *.a libraries and then linking them all in. > That should work too, but it's not really nice. Turns out I forgot one motivation for using object libs in the first place: with static libraries, global objects aren't pulled in if they aren't explicitly referenced. Plugins register themselves via ctors of globals, which doesn't work with that model. I've put in an option now that switches between objects libraries and static libraries. Need to figure out if there's a way to make the latter work. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From bro at tracker.bro.org Thu May 30 22:40:53 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 31 May 2013 05:40:53 -0000 Subject: [Bro-Dev] #19: New test In-Reply-To: <043.26729baa2213ee1c5e981b650656b0f5@tracker.bro.org> References: <043.26729baa2213ee1c5e981b650656b0f5@tracker.bro.org> Message-ID: <058.b11d277547a462ac6b933f68b6e56b7d@tracker.bro.org> #19: New test ----------------------+-------------------- Reporter: robin | Owner: robin Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: Solved | Keywords: ----------------------+-------------------- Changes (by matthias): * milestone: => Bro2.2 Comment: Replying to [ticket:19 robin]: > final test! yet another test -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro.org Fri May 31 00:00:03 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 31 May 2013 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201305310700.r4V703FI018741@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 983 [1] | seth | | High | Deep typing bug BroControl | 1006 [2] | dnthayer | | Medium | topic/dnthayer/broctl-testing [3] [1] #983: http://tracker.bro.org/bro/ticket/983 [2] #1006: http://tracker.bro.org/bro/ticket/1006 [3] broctl-testing: http://tracker.bro.org/bro/changeset?old_path=%2Fbrocontrol&old=master&new_path=%2Fbrocontrol&new=topic/dnthayer/broctl-testing From bro at tracker.bro.org Fri May 31 07:09:34 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Fri, 31 May 2013 14:09:34 -0000 Subject: [Bro-Dev] #1012: RIP Analyzer Message-ID: <045.b87e82b9263d2be4e48ef61a86677bea@tracker.bro.org> #1012: RIP Analyzer ------------------------+------------------- Reporter: nicolas | Type: Patch Status: new | Priority: Low Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+------------------- I wrote some code lignes to see how binpac works, it is an RIPv2 Analyzer. -- Ticket URL: Bro Tracker Bro Issue Tracker From jsiwek at illinois.edu Fri May 31 07:22:58 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Fri, 31 May 2013 14:22:58 +0000 Subject: [Bro-Dev] Plugin branch status In-Reply-To: <20130530223315.GI75431@icir.org> References: <20130518011717.GB67280@icir.org> <996FF1A9-929E-4C00-A6F8-D2E0126BDDB8@icir.org> <20130523231111.GV8596@icir.org> <20130530223315.GI75431@icir.org> Message-ID: > I wanted to pose exactly the question you bring up: what cmake version > can we require these days? Here's a survey: RHEL/CentOS 6.4: cmake version 2.6-patch 4 Ubuntu 12.04.2: cmake version 2.8.7 Debian 6.0: cmake version 2.8.2 FreeBSD 9.1: cmake version 2.8.6 Mac OSX: Fink/Homebrew/MacPorts all have > 2.8.8 We'd probably hear the least complaints if 2.6.4 was the minimum requirement. - Jon From bro at tracker.bro.org Fri May 31 17:46:35 2013 From: bro at tracker.bro.org (Bro Tracker) Date: Sat, 01 Jun 2013 00:46:35 -0000 Subject: [Bro-Dev] #1006: topic/dnthayer/broctl-testing In-Reply-To: <046.8bdcf826e8fe87f2956d3815443d8a31@tracker.bro.org> References: <046.8bdcf826e8fe87f2956d3815443d8a31@tracker.bro.org> Message-ID: <061.f381d4e226476902a21d2844d7e05f33@tracker.bro.org> #1006: topic/dnthayer/broctl-testing -------------------------+------------------------ Reporter: dnthayer | Owner: dnthayer Type: Problem | Status: assigned Priority: Medium | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Changes (by robin): * owner: => dnthayer * status: new => assigned * type: Merge Request => Problem Comment: Good job on this! I've tweaked some things a little bit, mostly moving stuff around, but other than that it looks good to me. I've merged it in. I do see 3 tests failing though: {{{ command.print-cluster command.status-cluster command.peerstatus-cluster }}} They all fail with a time-out problem. I believe I remember a discussion of that but don't recall the details. Is that the result of some other change? Do you see that too? -- Ticket URL: Bro Tracker Bro Issue Tracker