hf : bug & fix

Alexandre Dumortier dumortie at student.fsa.ucl.ac.be
Fri May 14 07:23:17 PDT 1999


Hi Vern and other Bro users,

We had some trouble with the bro tool hf when resolving names of 150k
lines logs...

The problem is when using Linux and that names are not found on dns,
gethostbyaddr hangs. 

We saw in the code that you (Vern) were already aware of this problem and
that you already implement a timeout mechanism (-t time option).

But even when using the -t option, it doesn't help because of a bug in the
program.

Indeed, unlike on  BSD  systems, signals under Linux are reset to their
default  behavior  when  raised.
Reinstalling signal during interrupt procedure doesn't work due to the
longjmp which does not allow interruption to finish properly. 
So, the consequence of all this is that alarm in hf only worked once...

Solution is to save not only the environment but also the signal mask. 
Doing this way, once we've come back from interruption SIGALRM mask is set
again.


So, we suggest to patch hf.l as follow :
1) replace all "setjmp(alrmenv)" with "sigsetjmp(alrmenv,1)"
2) replace "longjmp(alrmenv,1)" with "siglongjmp(alrmenv,1)"


Some other small suggestions:
1) put alarm(0) just after doingdns=0
2) move alarm(tmo) & doingdns=1 after "if (sigsetjmp(alrmenv)) { } "


Best regards,

Alexandre Dumortier & Patrick Verstraete
Universite catholique de Louvain, Belgium




More information about the Bro mailing list