[Bro-Dev] #200: broctl update resets/corrupts certain variables

Bro Tracker bro at tracker.icir.org
Wed Nov 24 08:11:07 PST 2010 

#200: broctl update resets/corrupts certain variables
-------------------------+---------------------------
  Reporter:  justin      |      Owner:  seth
      Type:  defect      |     Status:  accepted
  Priority:  Low         |  Milestone:  Bro1.6
 Component:  BroControl  |    Version:  1.5.2
Resolution:              |   Keywords:  broctl update
-------------------------+---------------------------
Changes (by seth):

 * owner:  robin => seth
 * status:  seen => accepted
 * milestone:   => Bro1.6


Comment:

 After digging around a little bit I figured out what's going on.  The
 update command is generally broken for any values that are set within an
 event handler.  Both of the problems being encountered by Justin are
 because values are being set within bro_init handlers.  I can think of a
 couple of directions this could go.

 1. The send-config.bro script could send the bro_init event to the workers
 which would solve most of the problems although there could still be some
 issues is people set values after that.  That is mitigated by the fact
 that anything done after bro_init is almost certainly based on traffic
 analysis and presumably changes from time to time anyway and would be set
 to something soon after the update command was given.
 2. Scripts are rewritten to more carefully use globals and consts.  In
 that case, only redef-able consts would updated.  It doesn't even really
 make sense to label a global as redef-able anyway since it can be changed
 at will within event handlers even if it's not specifically labeled as
 redef-able.

 Generally, weird issues like this will crop up where ever there is a
 redef-able global.  Because consts can't be modified from within event
 handlers and globals without the &redef attribute won't be touched when
 doing "update", there won't be problems in those cases.

 I'm inclined to say that option 2 is the more viable option since sending
 the bro_init event to the workers could cause undefined issues due to
 assumptions (correctly) made by script writers that bro_init is *only*
 called at startup.

 I think we can do this for the 1.6 release since there likely aren't that
 many redef-able globals and we're going to be doing a lot of script work
 anyway.  If anyone disagrees, feel free to bump it to 1.7 since the
 "update" feature isn't heavily used anyway. (of course, maybe it would be
 used more if it worked correctly)

-- 
Ticket URL: <http://tracker.icir.org/bro/ticket/200#comment:3>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list