[Bro-Dev] Sumstats bugs & fixes
Jon Siwek
jsiwek at corelight.com
Thu Jan 18 09:50:00 PST 2018
On Wed, Jan 17, 2018 at 6:30 PM, Jim Mellander <jmellander at lbl.gov> wrote:
> Unfortunately, the reschedule
> is:
> schedule 0.01 secs { process_epoch_result(ss, now, data1) };
> instead of:
> schedule 0.01 secs { SumStats::process_epoch_result(ss, now, data1) };
> so it silently fails after the first 50 results.
Thanks, you're right about that.
> Would be nice to have a
> warning if a script schedules an event that doesn't exist.
Right again, it would be nice since it has resulted in bugs like this,
though I recall it might not be an easy change to the parser to clear
up the differences in namespacing rules for event identifiers.
> Attached please find hash_test.bro & (patched) non-cluster.bro
Thanks for those. I remember you pointing out the potential problem
in the earlier mail and meant to respond to indicate we should fix it
and I must have just forgot, so sorry for that. I had a bit of a
different idea on how to address the iterator invalidation that might
be more understandable: keep a separate list of keys to delete later,
outside the loop. I have my version of your proposed fixes at [1].
Can you take a look and let me know if that works for you?
- Jon
[1] https://github.com/bro/bro/commit/3495b2fa9d84e8105a79e24e4e9a2f9181318f1a
More information about the bro-dev
mailing list