From noreply at bro-ids.org Sun Jan 1 00:00:06 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sun, 1 Jan 2012 00:00:06 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201010800.q01806D0003060@bro-ids.icir.org>

> Open Merge Requests for Bro2.0
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 711 [1] | robin    | seth  | Normal | topic/robin/pp-alarms [2]
Bro       | 718 [3] | amannb   |       | Normal | Log protocol type for notices
Bro       | 728 [4] | jsiwek   |       | Normal | topic/jsiwek/remove-refined-type [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | ff1768f  | Jon Siwek | 2011-12-20 | Minor fixes to external test process. (addresses #298) [6]
bro       | 578cd06  | Jon Siwek | 2011-12-19 | Increase timeout interval of communication-related btests. [7]
broctl    | 1322481  | Jon Siwek | 2011-12-20 | Patch by Edward Groenendaal dealing with missing/new spool directories. [8]

[1] #711: http://tracker.bro-ids.org/bro/ticket/711
[2] pp-alarms: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/robin/pp-alarms
[3] #718: http://tracker.bro-ids.org/bro/ticket/718
[4] #728: http://tracker.bro-ids.org/bro/ticket/728
[5] remove-refined-type: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/remove-refined-type
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/ff1768f857abcd01599854b65677a87e293b1cf6/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/578cd0617648ebafdfb7402c7cfba388690847d6/bro
[8] fastpath: http://tracker.bro-ids.org/bro/changeset/132248192898e24e27efb91aa73b3c9e2c4f4183/broctl

From noreply at bro-ids.org Mon Jan 2 00:00:07 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Mon, 2 Jan 2012 00:00:07 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201020800.q02807kd017924@bro-ids.icir.org>

> Open Merge Requests for Bro2.0
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 711 [1] | robin    | seth  | Normal | topic/robin/pp-alarms [2]
Bro       | 718 [3] | amannb   |       | Normal | Log protocol type for notices
Bro       | 728 [4] | jsiwek   |       | Normal | topic/jsiwek/remove-refined-type [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | ff1768f  | Jon Siwek | 2011-12-20 | Minor fixes to external test process. (addresses #298) [6]
bro       | 578cd06  | Jon Siwek | 2011-12-19 | Increase timeout interval of communication-related btests. [7]
broctl    | 1322481  | Jon Siwek | 2011-12-20 | Patch by Edward Groenendaal dealing with missing/new spool directories. [8]

[1] #711: http://tracker.bro-ids.org/bro/ticket/711
[2] pp-alarms: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/robin/pp-alarms
[3] #718: http://tracker.bro-ids.org/bro/ticket/718
[4] #728: http://tracker.bro-ids.org/bro/ticket/728
[5] remove-refined-type: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/remove-refined-type
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/ff1768f857abcd01599854b65677a87e293b1cf6/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/578cd0617648ebafdfb7402c7cfba388690847d6/bro
[8] fastpath: http://tracker.bro-ids.org/bro/changeset/132248192898e24e27efb91aa73b3c9e2c4f4183/broctl

From noreply at bro-ids.org Tue Jan 3 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Tue, 3 Jan 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201030800.q03802wa005688@bro-ids.icir.org>

> Open Merge Requests for Bro2.0
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 711 [1] | robin    | seth  | Normal | topic/robin/pp-alarms [2]
Bro       | 718 [3] | amannb   |       | Normal | Log protocol type for notices
Bro       | 728 [4] | jsiwek   |       | Normal | topic/jsiwek/remove-refined-type [5]

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | ff1768f  | Jon Siwek | 2011-12-20 | Minor fixes to external test process. (addresses #298) [6]
bro       | 578cd06  | Jon Siwek | 2011-12-19 | Increase timeout interval of communication-related btests. [7]
broctl    | 1322481  | Jon Siwek | 2011-12-20 | Patch by Edward Groenendaal dealing with missing/new spool directories. [8]

[1] #711: http://tracker.bro-ids.org/bro/ticket/711
[2] pp-alarms: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/robin/pp-alarms
[3] #718: http://tracker.bro-ids.org/bro/ticket/718
[4] #728: http://tracker.bro-ids.org/bro/ticket/728
[5] remove-refined-type: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/remove-refined-type
[6] fastpath: http://tracker.bro-ids.org/bro/changeset/ff1768f857abcd01599854b65677a87e293b1cf6/bro
[7] fastpath: http://tracker.bro-ids.org/bro/changeset/578cd0617648ebafdfb7402c7cfba388690847d6/bro
[8] fastpath: http://tracker.bro-ids.org/bro/changeset/132248192898e24e27efb91aa73b3c9e2c4f4183/broctl

From bro at tracker.bro-ids.org Tue Jan 3 08:58:09 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 16:58:09 -0000
Subject: [Bro-Dev] #729: Linux bro build failure after distclean
In-Reply-To: <048.362f11858a0e385e76c0767099d4a9b9@tracker.bro-ids.org>
References: <048.362f11858a0e385e76c0767099d4a9b9@tracker.bro-ids.org>
Message-ID: <063.4767577783fa8313e36f650074a2a7ca@tracker.bro-ids.org>

#729: Linux bro build failure after distclean
----------------------+------------------------
Reporter: amannb | Owner: jsiwek
Type: Problem | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version: git/master
Resolution: fixed | Keywords:
----------------------+------------------------
Changes (by jsiwek):

 * status: assigned => closed
 * resolution: => fixed

Comment:

In [0cd03986a195c9321aa79805254d93e8139bde38/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="0cd03986a195c9321aa79805254d93e8139bde38"
CMake 2.6 top-level 'install' target compat. (fixes #729)
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From jsiwek at illinois.edu Tue Jan 3 11:43:23 2012
From: jsiwek at illinois.edu (Siwek, Jonathan Luke)
Date: Tue, 3 Jan 2012 19:43:23 +0000
Subject: [Bro-Dev] assignment clash error when initializing local table
In-Reply-To:
References:
Message-ID:

> From old manual, we can initialize global table when it is declared, like this.
>
> global a: table[count] of string = {
>     [11] = "eleven",
>     [5] = "five",
> };
>
>
> However, if I put them within event or function, assignment clash error happens. Is there any way that I can do the same thing for the local defined table?

This syntax looks like it currently works:

    local a: table[count] of string = table( [11] = "eleven", [5] = "five" );

+Jon

From bro at tracker.bro-ids.org Tue Jan 3 12:10:16 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 20:10:16 -0000
Subject: [Bro-Dev] #720: Fix problem with loss at low packet rate
In-Reply-To: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org>
References: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org>
Message-ID: <061.7c0e771e8fab6c400f8528747402fcf6@tracker.bro-ids.org>

#720: Fix problem with loss at low packet rate
----------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords:
----------------------+--------------------
Comment (by robin):

I think we should change this back to the old default and also add a new script-level variable `snaplen` to change (and may deprecate the `-s` option then).
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:23:19 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:23:19 -0000
Subject: [Bro-Dev] #544: scan.bro and hot.conn.bro need updating
In-Reply-To: <047.737dcb7555d7c558c1757654428e87e0@tracker.bro-ids.org>
References: <047.737dcb7555d7c558c1757654428e87e0@tracker.bro-ids.org>
Message-ID: <062.8d2cc4af085dcb7d3243faecfd46c2fc@tracker.bro-ids.org>

#544: scan.bro and hot.conn.bro need updating
----------------------+------------------------
Reporter: robin | Owner: seth
Type: Problem | Status: assigned
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords: beta
----------------------+------------------------
Changes (by seth):

 * milestone: Bro2.0 => Bro2.1

Comment:

Bumping this ticket to 2.1 since scan.bro is in contributed scripts and the hot.* replacement scripts are coming in 2.1 as users of the intelligence framework api.

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:25:35 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:25:35 -0000
Subject: [Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer
In-Reply-To: <046.17850f462f1693e7eabd016bb6cf8b36@tracker.bro-ids.org>
References: <046.17850f462f1693e7eabd016bb6cf8b36@tracker.bro-ids.org>
Message-ID: <061.e0cc085e70affb2c883b89b399727f44@tracker.bro-ids.org>

#724: Changing semantics of ConnSizeAnalyzer
----------------------+-----------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone:
Component: Bro | Version:
Resolution: | Keywords:
----------------------+-----------------
Changes (by seth):

 * milestone: Bro2.0 =>

Comment:

I'm going to remove this ticket from a milestone for now and we can revisit it later. I'll file another ticket to remind us to find and fix the sequence counting bugs for the 2.1 release.
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:28:06 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:28:06 -0000
Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs
Message-ID: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org>

#730: Find and fix tcp sequence counting bugs
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Keywords: |
---------------------+--------------------
Sometimes the code that watches for tcp sequence wrap around will trigger erroneously and the payload value will be grossly misrepresented in the c$(resp|orig)$size fields.

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:30:32 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:30:32 -0000
Subject: [Bro-Dev] #703: NUL_in_line and line_terminated_with_single_CR complaints
In-Reply-To: <046.a178d88fb4159c54e316119fd1f5ded7@tracker.bro-ids.org>
References: <046.a178d88fb4159c54e316119fd1f5ded7@tracker.bro-ids.org>
Message-ID: <061.a3d25d6a0d2b181dea395b56f6515f80@tracker.bro-ids.org>

#703: NUL_in_line and line_terminated_with_single_CR complaints
----------------------+--------------------
Reporter: vern | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Resolution: | Keywords:
----------------------+--------------------
Changes (by seth):

 * milestone: Bro2.0 => Bro2.1

Comment:

Bumping this to 2.1. Probably not worth fixing it right now. I think it's unlikely many people would notice before we get a chance to do this better.
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:31:21 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:31:21 -0000
Subject: [Bro-Dev] #720: Fix problem with loss at low packet rate
In-Reply-To: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org>
References: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org>
Message-ID: <061.2f53a236679a5241365deecc87c5467b@tracker.bro-ids.org>

#720: Fix problem with loss at low packet rate
----------------------+----------------------
Reporter: seth | Owner: jsiwek
Type: Problem | Status: assigned
Priority: High | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords:
----------------------+----------------------
Changes (by seth):

 * owner: => jsiwek
 * status: new => assigned

Comment:

Jon, could you take care of this?

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:37:01 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:37:01 -0000
Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1
Message-ID: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org>

#731: Protocol Documentation Bundle 1
--------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Keywords: |
--------------------+--------------------
conn
dns

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:37:25 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:37:25 -0000
Subject: [Bro-Dev] #732: Protocol Documentation Bundle 2
Message-ID: <046.1f7d0a0d6ef389a62d0fe65a2815f97b@tracker.bro-ids.org>

#732: Protocol Documentation Bundle 2
--------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Keywords: |
--------------------+--------------------
ftp
ssh
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:37:40 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:37:40 -0000
Subject: [Bro-Dev] #733: Protocol Documentation Bundle 3
Message-ID: <046.8c5470e2499f6f33b5b9daff8efb1f91@tracker.bro-ids.org>

#733: Protocol Documentation Bundle 3
--------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Keywords: |
--------------------+--------------------
http
irc

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 13:37:56 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:37:56 -0000
Subject: [Bro-Dev] #734: Protocol Documentation Bundle 4
Message-ID: <046.eeb6a245efe2d29e8966e69a5c21770d@tracker.bro-ids.org>

#734: Protocol Documentation Bundle 4
--------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Keywords: |
--------------------+--------------------
ssl
syslog

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From seth at icir.org Tue Jan 3 13:42:43 2012
From: seth at icir.org (Seth Hall)
Date: Tue, 3 Jan 2012 16:42:43 -0500
Subject: [Bro-Dev] More documentation needed
Message-ID: <17D7B552-C79B-4ED4-828C-B36193E287DF@icir.org>

In my normal fashion, I'm a bit late to the party with yet more tasks. I missed filing tickets for documenting the protocol scripts in the previous set of documentation tickets. The protocol documentation bundles are now filed and ready to be owned. Fairly similar to the previous set of framework documentation bundles, pretty much everything in the export section needs documented (and existing documentation checked for sanity) for your protocols in the scripts in the base/protocols/ and policy/protocols directories.
This documentation will be going into the same topic/script-reference branch as before.

Here are the tickets:
http://tracker.bro-ids.org/bro/ticket/731
http://tracker.bro-ids.org/bro/ticket/732
http://tracker.bro-ids.org/bro/ticket/733
http://tracker.bro-ids.org/bro/ticket/734

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

From bro at tracker.bro-ids.org Tue Jan 3 13:43:15 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 21:43:15 -0000
Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1
In-Reply-To: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org>
References: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org>
Message-ID: <061.efd0d5c484fc37ad6be155504ea928cc@tracker.bro-ids.org>

#731: Protocol Documentation Bundle 1
---------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords:
---------------------+--------------------
Changes (by seth):

 * milestone: Bro2.1 => Bro2.0

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 14:09:33 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 22:09:33 -0000
Subject: [Bro-Dev] #719: SMTP policy blocklist: Added originator only logging
In-Reply-To: <047.9e4c3286edf66f09984c98d8e2df69ab@tracker.bro-ids.org>
References: <047.9e4c3286edf66f09984c98d8e2df69ab@tracker.bro-ids.org>
Message-ID: <062.cfd52c2305dcbf89e3add3ea9cfa1d6c@tracker.bro-ids.org>

#719: SMTP policy blocklist: Added originator only logging
--------------------+----------------------
Reporter: eddyg | Owner:
Type: Patch | Status: new
Priority: Low | Milestone: Bro2.1
Component: Bro | Version: 2.0 Beta
Resolution: | Keywords:
--------------------+----------------------
Changes (by seth):

 * milestone: Bro2.0 => Bro2.1

Comment:

I'm going to wait on this.
It can currently be solved by defining a complete Notice::policy entry. We can implement another shortcut that is more expressive like these examples later once we figure out what the most common notice policy entries are.

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 14:11:40 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 22:11:40 -0000
Subject: [Bro-Dev] #298: Automatic build tests on NMI testbed.
In-Reply-To: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
References: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
Message-ID: <061.5254c3276c568638ae48c505896e4893@tracker.bro-ids.org>

#298: Automatic build tests on NMI testbed.
---------------------+----------------------
Reporter: seth | Owner:
Type: Task | Status: reopened
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords: nmi
---------------------+----------------------
Comment (by seth):

I know there has been a lot of trouble related to this, but is it complete?

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 14:14:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 22:14:14 -0000
Subject: [Bro-Dev] #718: Log protocol type for notices
In-Reply-To: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org>
References: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org>
Message-ID: <063.fba12f395d85980938ef12149189f9e2@tracker.bro-ids.org>

#718: Log protocol type for notices
----------------------------+--------------------
Reporter: amannb | Owner:
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords:
----------------------------+--------------------
Comment (by seth):

This branch looks good to me. I think that it makes sense to add it to this log too since there could be a number of different things represented in the log.
In some of the other logs like HTTP or SSH it may not be quite as necessary to add the protocol since it can only be over TCP.

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 14:20:18 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 22:20:18 -0000
Subject: [Bro-Dev] #298: Automatic build tests on NMI testbed.
In-Reply-To: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
References: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
Message-ID: <061.fcddb810abfd6c512234e8cea49fd485@tracker.bro-ids.org>

#298: Automatic build tests on NMI testbed.
---------------------+----------------------
Reporter: seth | Owner:
Type: Task | Status: reopened
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: | Keywords: nmi
---------------------+----------------------
Comment (by slagell):

Replying to [comment:9 seth]:
> I know there has been a lot of trouble related to this, but is it complete?

We are waiting on some fastpath commits to see if they address the remaining issues. We have found most of the failures to be due to timeouts and problems with other tests running on the targets for other users.
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 15:58:33 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 23:58:33 -0000
Subject: [Bro-Dev] #729: Linux bro build failure after distclean
In-Reply-To: <048.362f11858a0e385e76c0767099d4a9b9@tracker.bro-ids.org>
References: <048.362f11858a0e385e76c0767099d4a9b9@tracker.bro-ids.org>
Message-ID: <063.2c794e9a22cde36fe37801bb5b06eed7@tracker.bro-ids.org>

#729: Linux bro build failure after distclean
----------------------+------------------------
Reporter: amannb | Owner: jsiwek
Type: Problem | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version: git/master
Resolution: fixed | Keywords:
----------------------+------------------------
Comment (by robin):

In [5435dcbfb15da73410a651f67860c578be0f3266/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="5435dcbfb15da73410a651f67860c578be0f3266"
Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  CMake 2.6 top-level 'install' target compat. (fixes #729)
  Minor fixes to external test process. (addresses #298)
  Increase timeout interval of communication-related btests.

Closes #729.
Closes #298.
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 15:58:33 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 23:58:33 -0000
Subject: [Bro-Dev] #718: Log protocol type for notices
In-Reply-To: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org>
References: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org>
Message-ID: <063.ad81ca62361ab84993b34223659cd842@tracker.bro-ids.org>

#718: Log protocol type for notices
----------------------------+--------------------
Reporter: amannb | Owner: robin
Type: Merge Request | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: fixed | Keywords:
----------------------------+--------------------
Changes (by robin):

 * owner: => robin
 * status: new => closed
 * resolution: => fixed

Comment:

In [5e9153d7d683dd3f6a7f685c22d543906b2ff457/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="5e9153d7d683dd3f6a7f685c22d543906b2ff457"
Merge remote-tracking branch 'origin/topic/bernhard/notice-proto'

* origin/topic/bernhard/notice-proto:
  log protocol in notices.

Conflicts:
        scripts/base/frameworks/notice/main.bro

Closes #718.
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 15:58:33 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 23:58:33 -0000
Subject: [Bro-Dev] #298: Automatic build tests on NMI testbed.
In-Reply-To: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
References: <046.52cb04f5dd135b7d304d18bd01deebaf@tracker.bro-ids.org>
Message-ID: <061.db59f6c388b6f28d96e1fff7ccb5f51f@tracker.bro-ids.org>

#298: Automatic build tests on NMI testbed.
---------------------+--------------------
Reporter: seth | Owner: robin
Type: Task | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: fixed | Keywords: nmi
---------------------+--------------------
Changes (by robin):

 * owner: => robin
 * status: reopened => closed
 * resolution: => fixed

Comment:

In [5435dcbfb15da73410a651f67860c578be0f3266/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="5435dcbfb15da73410a651f67860c578be0f3266"
Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  CMake 2.6 top-level 'install' target compat. (fixes #729)
  Minor fixes to external test process. (addresses #298)
  Increase timeout interval of communication-related btests.

Closes #729.
Closes #298.
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 15:58:48 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 23:58:48 -0000
Subject: [Bro-Dev] #728: topic/jsiwek/remove-refined-type
In-Reply-To: <048.d037661707ff70ae4730c22fbb12b984@tracker.bro-ids.org>
References: <048.d037661707ff70ae4730c22fbb12b984@tracker.bro-ids.org>
Message-ID: <063.4beb9bed164f42ea8fa5755893394f06@tracker.bro-ids.org>

#728: topic/jsiwek/remove-refined-type
----------------------------+------------------------
Reporter: jsiwek | Owner: robin
Type: Merge Request | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version: git/master
Resolution: fixed | Keywords:
----------------------------+------------------------
Changes (by robin):

 * owner: => robin
 * status: new => closed
 * resolution: => fixed

Comment:

In [c5cee3d5746ed3d5c14348c1f264d19404caa761/broccoli]:
{{{
#!CommitTicketReference repository="broccoli"
revision="c5cee3d5746ed3d5c14348c1f264d19404caa761"
Merge remote-tracking branch 'origin/topic/jsiwek/remove-refined-type'

* origin/topic/jsiwek/remove-refined-type:
  Remove record base type list since it's been removed from Bro.

Closes #728.
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 3 15:58:55 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 03 Jan 2012 23:58:55 -0000
Subject: [Bro-Dev] #716: BroControl: Improve installation when changing Spool directory location
In-Reply-To: <047.390058a9cc5ea96a4e4a67c8b256a555@tracker.bro-ids.org>
References: <047.390058a9cc5ea96a4e4a67c8b256a555@tracker.bro-ids.org>
Message-ID: <062.e10568bdf6d73208eb7896f82c346231@tracker.bro-ids.org>

#716: BroControl: Improve installation when changing Spool directory location
-------------------------+----------------------
Reporter: eddyg | Owner: robin
Type: Patch | Status: closed
Priority: Low | Milestone: Bro2.0
Component: BroControl | Version: 2.0 Beta
Resolution: fixed | Keywords:
-------------------------+----------------------
Changes (by robin):

 * owner: => robin
 * status: new => closed
 * resolution: => fixed

Comment:

In [d3d5934310a94452b1dddabb2e75f6c5c86b4860/broctl]:
{{{
#!CommitTicketReference repository="broctl"
revision="d3d5934310a94452b1dddabb2e75f6c5c86b4860"
Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  Patch by Edward Groenendaal dealing with missing/new spool directories.

Closes #716.
}}}

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From noreply at bro-ids.org Wed Jan 4 00:00:04 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Wed, 4 Jan 2012 00:00:04 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201040800.q04804eU031606@bro-ids.icir.org>

> Open Merge Requests for Bro2.0
> ==============================

Component | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 711 [1] | robin    | seth  | Normal | topic/robin/pp-alarms [2]

[1] #711: http://tracker.bro-ids.org/bro/ticket/711
[2] pp-alarms: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/robin/pp-alarms

From bro at tracker.bro-ids.org Wed Jan 4 10:20:02 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 04 Jan 2012 18:20:02 -0000
Subject: [Bro-Dev] #735: Clean up and merge the TCPStats analyzer
Message-ID: <046.98d32efb2f183e28fd41325e04632c26@tracker.bro-ids.org>

#735: Clean up and merge the TCPStats analyzer
--------------------+--------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Keywords: |
--------------------+--------------------
Katrina wants to get her TCPStats analyzer merged. Let's aim for getting it cleaned up and ready for the 2.1 release.
--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Wed Jan 4 10:44:28 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 04 Jan 2012 18:44:28 -0000
Subject: [Bro-Dev] #711: topic/robin/pp-alarms
In-Reply-To: <047.1b448e78bff44559e1f195ed0f4d8430@tracker.bro-ids.org>
References: <047.1b448e78bff44559e1f195ed0f4d8430@tracker.bro-ids.org>
Message-ID: <062.505417a599b5571e3c1c983587faa3eb@tracker.bro-ids.org>

#711: topic/robin/pp-alarms
-----------------------------+--------------------
Reporter: robin | Owner: seth
Type: Merge Request | Status: closed
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Resolution: Solved/Applied | Keywords:
-----------------------------+--------------------
Changes (by seth):

 * status: new => closed
 * resolution: => Solved/Applied

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From mcholste at gmail.com Wed Jan 4 11:11:27 2012
From: mcholste at gmail.com (Martin Holste)
Date: Wed, 4 Jan 2012 13:11:27 -0600
Subject: [Bro-Dev] #718: Log protocol type for notices
In-Reply-To: <063.ad81ca62361ab84993b34223659cd842@tracker.bro-ids.org>
References: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org> <063.ad81ca62361ab84993b34223659cd842@tracker.bro-ids.org>
Message-ID:

It would be very helpful if all of the logs started with the connection tuple to make parsing easier.

On Tue, Jan 3, 2012 at 5:58 PM, Bro Tracker wrote:
> #718: Log protocol type for notices
> ----------------------------+--------------------
>   Reporter:  amannb         |      Owner:  robin
>       Type:  Merge Request  |     Status:  closed
>   Priority:  Normal         |  Milestone:  Bro2.0
>  Component:  Bro            |    Version:
> Resolution:  fixed          |   Keywords:
> ----------------------------+--------------------
> Changes (by robin):
>
>  * owner:  => robin
>  * status:  new => closed
>  * resolution:  => fixed
>
>
> Comment:
>
>  In [5e9153d7d683dd3f6a7f685c22d543906b2ff457/bro]:
>  {{{
>  #!CommitTicketReference repository="bro"
>  revision="5e9153d7d683dd3f6a7f685c22d543906b2ff457"
>  Merge remote-tracking branch 'origin/topic/bernhard/notice-proto'
>
>  * origin/topic/bernhard/notice-proto:
>    log protocol in notices.
>
>  Conflicts:
>          scripts/base/frameworks/notice/main.bro
>
>  Closes #718.
>  }}}
>
> --
> Ticket URL:
> Bro Tracker
> Bro Issue Tracker
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro-ids.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

From bro at tracker.bro-ids.org Wed Jan 4 11:49:37 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 04 Jan 2012 19:49:37 -0000
Subject: [Bro-Dev] #736: Small Notice cleanup
Message-ID: <046.7863520b7675cb56b8d9e690ada2a8b0@tracker.bro-ids.org>

#736: Small Notice cleanup
---------------------+--------------------
Reporter: seth | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Keywords: |
---------------------+--------------------
Clean up the obviously bad message wording on notices.

--
Ticket URL:
Bro Tracker
Bro Issue Tracker

From bro at tracker.bro-ids.org Wed Jan 4 11:50:42 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Wed, 04 Jan 2012 19:50:42 -0000
Subject: [Bro-Dev] #737: SFTP log rotator
Message-ID: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org>

#737: SFTP log rotator
---------------------+--------------------
Reporter: seth | Owner: jsiwek
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.0
Component: Bro | Version:
Keywords: |
---------------------+--------------------
We have an SCP log rotator, we need an SFTP one too. It's basically the same as the SCP rotator except a different command is executed. Should be a mostly copy and paste job.
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 4 12:03:31 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 04 Jan 2012 20:03:31 -0000 Subject: [Bro-Dev] #738: topic/seth/ssl-improvements - Merge in some more ssl fixes Message-ID: <046.9e3333e6ceb55a8b5a1f8aa9628cc2a5@tracker.bro-ids.org> #738: topic/seth/ssl-improvements - Merge in some more ssl fixes ---------------------------+-------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Keywords: | ---------------------------+-------------------- This fixes a bug and cleans up the ssl analyzer a bit more. It should be fairly non-invasive, and all of the btest tests still pass. It also adds an extra event named ssl_session_ticket_handshake to get the stateless session resumption value when the client sends it to the server. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 4 13:09:10 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 04 Jan 2012 21:09:10 -0000 Subject: [Bro-Dev] #738: topic/seth/ssl-improvements - Merge in some more ssl fixes In-Reply-To: <046.9e3333e6ceb55a8b5a1f8aa9628cc2a5@tracker.bro-ids.org> References: <046.9e3333e6ceb55a8b5a1f8aa9628cc2a5@tracker.bro-ids.org> Message-ID: <061.97961682793ec10e914f186d10750563@tracker.bro-ids.org> #738: topic/seth/ssl-improvements - Merge in some more ssl fixes -----------------------------+-------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: Solved/Applied | Keywords: -----------------------------+-------------------- Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 4 14:37:46 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 04 Jan 2012 
22:37:46 -0000 Subject: [Bro-Dev] #720: Fix problem with loss at low packet rate In-Reply-To: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org> References: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org> Message-ID: <061.4a60d2ef3bf58bbcf0c4630f5810cf99@tracker.bro-ids.org> #720: Fix problem with loss at low packet rate ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: High | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Changes (by jsiwek): * status: assigned => closed * resolution: => fixed Comment: In [645c80f9742049e45cab9f7349ed34a1ddb722d8/bro]: {{{ #!CommitTicketReference repository="bro" revision="645c80f9742049e45cab9f7349ed34a1ddb722d8" Reduce snaplen default from 65535 to old default of 8192. (fixes #720) Also replaced the --snaplen/-l command line option with a scripting-layer option called "snaplen" (which can also be redefined on the command line, e.g. `bro -i eth0 snaplen=65535`). }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 4 14:55:04 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 04 Jan 2012 22:55:04 -0000 Subject: [Bro-Dev] #739: topic/jsiwek/local-table-init Message-ID: <048.40f08b615a25cda86b338fd5fc758016@tracker.bro-ids.org> #739: topic/jsiwek/local-table-init ---------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ This branch allows local tables to be initialized with a {} list, like how global tables already can be. 
It fixes the "type clash in assignment" error in e.g.: {{{ event bro_init() { local l_table: table[count] of string = { [one] = "one" }; } }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Jan 5 00:00:15 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 5 Jan 2012 00:00:15 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201050800.q0580FrO002910@bro-ids.icir.org> > Open Merge Requests for Bro2.0 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 7d85308 | Jon Siwek | 2012-01-04 | Remove upgrade documentation regarding change in default snaplen. [3] bro | 645c80f | Jon Siwek | 2012-01-04 | Reduce snaplen default from 65535 to old default of 8192. 
(fixes #720) [4] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] fastpath: http://tracker.bro-ids.org/bro/changeset/7d85308b761db2fe61289532ef2fd60d33d91a1b/bro [4] fastpath: http://tracker.bro-ids.org/bro/changeset/645c80f9742049e45cab9f7349ed34a1ddb722d8/bro From bro at tracker.bro-ids.org Thu Jan 5 07:22:17 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 05 Jan 2012 15:22:17 -0000 Subject: [Bro-Dev] #519: policy/protocols/http/headers.bro only logs client headers In-Reply-To: <046.5777f3c379efa3c38e8a08a6979a91db@tracker.bro-ids.org> References: <046.5777f3c379efa3c38e8a08a6979a91db@tracker.bro-ids.org> Message-ID: <061.74442ec68e9d8093d6a688405c66b4b6@tracker.bro-ids.org> #519: policy/protocols/http/headers.bro only logs client headers ----------------------+---------------------- Reporter: vern | Owner: seth Type: Problem | Status: reopened Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------+---------------------- Changes (by seth): * milestone: Bro2.0 => Bro2.1 Comment: This isn't important enough to be a blocker for 2.0 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 5 07:27:57 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 05 Jan 2012 15:27:57 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references Message-ID: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Keywords: | ---------------------+-------------------- There is a hard limit to how many references Bro will create for a type or value (INT_MAX) and we are using a function incorrectly 
leading to termination after long uptimes. There are a few places (for example strings.bif:132) where the internal_type function is called to get a reference to the type for a Bro script level defined type. Unfortunately when internal_type is called, it in turn calls lookup_ID (Var.cc:486 leading to Scope.cc:115) which looks up the type, adds an additional reference to it and returns it. The code that called internal_type never Unrefs the value. Eventually Obj.h:207 causes a shutdown when INT_MAX references are created to the type. I'm thinking we should just look up the type a single time at startup along with all of the other Bro defined types in NetVar.cc and reuse the value after that so we only reference it a single time. It's more consistent with how the internal_type function is called for other cases. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 5 07:30:49 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 05 Jan 2012 15:30:49 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.81b28f4d10c2511696f4cc4da8b2a1cf@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by seth): Here's a backtrace.... 
{{{ #0 0x286b7ea7 in kill () from /lib/libc.so.7 #0 0x286b7ea7 in kill () from /lib/libc.so.7 #1 0x286b7e06 in raise () from /lib/libc.so.7 #2 0x286b6a1a in abort () from /lib/libc.so.7 #3 0x08196a0a in Reporter::InternalError (this=) at /home/users/bro/bro-2.0-beta/src/Reporter.cc:118 #4 0x081bd912 in bad_ref (type=1) at /home/users/bro/bro-2.0-beta/src/Obj.cc:250 #5 0x081f29cd in lookup_ID (name=0x8261025 "string_array", curr_module=0x824ad2f "GLOBAL", no_global=false, same_module_only=false) at Obj.h:208 #6 0x0823bf50 in internal_type (name=0x8261025 "string_array") at /home/users/bro/bro-2.0-beta/src/Var.cc:486 #7 0x08165ba8 in do_split (str_val=0x30745980, re=0x28866f20, other_sep=) at strings.bif:219 #8 0x08166606 in BifFunc::bro_split1 (frame=0x30715c80, BiF_ARGS=0x316025a0) at strings.bif:386 #9 0x08150ce3 in BuiltinFunc::Call (this=0x2885bd30, args=0x316025a0, parent=0x30715c80) at /home/users/bro/bro-2.0-beta/src/Func.cc:476 #10 0x0812b2bb in CallExpr::Eval (this=0x28874a00, f=0x30715c80) at /home/users/bro/bro-2.0-beta/src/Expr.cc:4651 #11 0x0812a222 in AssignExpr::Eval (this=0x28875400, f=0x30715c80) at /home/users/bro/bro-2.0-beta/src/Expr.cc:2598 #12 0x0820e2aa in ExprStmt::Exec (this=0x28874b80, f=0x30715c80, flow=@0xbfbfe044) at /home/users/bro/bro-2.0-beta/src/Stmt.cc:367 #13 0x0820a8dc in StmtList::Exec (this=0x28869b00, f=0x30715c80, flow=@0xbfbfe044) at /home/users/bro/bro-2.0-beta/src/Stmt.cc:1402 #14 0x0815110f in BroFunc::Call (this=0x288953c0, args=0xbfbfe0ac, parent=0x0) at /home/users/bro/bro-2.0-beta/src/Func.cc:333 #15 0x0819e2fd in LogMgr::Write (this=0x2872c770, id=0x28d45480, columns=0x2f3b34e0) at /home/users/bro/bro-2.0-beta/src/LogMgr.cc:938 #16 0x081560fc in BifFunc::Log::bro___write (frame=0x305f6c40, BiF_ARGS=0x30143b70) at logging.bif:46 #17 0x08150ce3 in BuiltinFunc::Call (this=0x2885b7e0, args=0x30143b70, parent=0x305f6c40) at /home/users/bro/bro-2.0-beta/src/Func.cc:476 #18 0x0812b2bb in CallExpr::Eval (this=0x2889d340, 
f=0x305f6c40) at /home/users/bro/bro-2.0-beta/src/Expr.cc:4651 #19 0x0820a8dc in StmtList::Exec (this=0x2889a740, f=0x305f6c40, flow=@0xbfbfe314) at /home/users/bro/bro-2.0-beta/src/Stmt.cc:1402 #20 0x0815110f in BroFunc::Call (this=0x2889a800, args=0x2ffa2550, parent=0x305f3980) at /home/users/bro/bro-2.0-beta/src/Func.cc:333 #21 0x0812b2bb in CallExpr::Eval (this=0x28d47250, f=0x305f3980) at /home/users/bro/bro-2.0-beta/src/Expr.cc:4651 #22 0x0820e2aa in ExprStmt::Exec (this=0x28d472b0, f=0x305f3980, flow=@0xbfbfe474) at /home/users/bro/bro-2.0-beta/src/Stmt.cc:367 #23 0x0820a8dc in StmtList::Exec (this=0x28d45440, f=0x305f3980, flow=@0xbfbfe474) at /home/users/bro/bro-2.0-beta/src/Stmt.cc:1402 #24 0x0815110f in BroFunc::Call (this=0x287fb980, args=0x2e6a6f80, parent=0x0) at /home/users/bro/bro-2.0-beta/src/Func.cc:333 #25 0x08103836 in EventHandler::Call (this=0x287640d0, vl=0x2e6a6f80, no_remote=false) at /home/users/bro/bro-2.0-beta/src/EventHandler.cc:72 #26 0x081030cc in EventMgr::Dispatch (this=0x82d0ec0) at Event.h:46 #27 0x08103218 in EventMgr::Drain (this=0x82d0ec0) at /home/users/bro/bro-2.0-beta/src/Event.cc:117 #28 0x081b462c in net_packet_dispatch (t=1324679985.0004079, hdr=0x28706c38, pkt=0x293000be "", hdr_size=14, src_ps=0x28706c00, pkt_elem=0x0) at /home/users/bro/bro-2.0-beta/src/Net.cc:352 #29 0x081b4b59 in net_packet_arrival (t=1324679985.0004079, hdr=0x28706c38, pkt=0x293000be "", hdr_size=14, src_ps=0x28706c00) at /home/users/bro/bro-2.0-beta/src/Net.cc:414 #30 0x081c44c2 in PktSrc::Process (this=0x28706c00) at /home/users/bro/bro-2.0-beta/src/PktSrc.cc:273 #31 0x081b48c5 in net_run () at /home/users/bro/bro-2.0-beta/src/Net.cc:444 #32 0x080b50c6 in main (argc=) at /home/users/bro/bro-2.0-beta/src/main.cc:1015 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 5 08:58:37 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 05 Jan 2012 16:58:37 -0000 Subject: [Bro-Dev] #740: Bug resulting in too 
many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.eb2b670c818e176487530170ebf0992a@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by robin): This sounds like a plain ref counting bug to me. The caller should unref once it doesn't need the type anymore. Were you able to understand which caller isn't doing it? It doesn't need to be the on the stack backtrace (and from a quick look, it isn't). > I'm thinking we should just look up the type a single time at startup along with all of the other Bro defined types in NetVar.cc and reuse the value after that so > we only reference it a single time. That won't help as anybody using a type would still need to ref it (and thus also unref). > It's more consistent with how the internal_type function is called for other cases. Why would that be more consistent? -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Thu Jan 5 09:00:50 2012 From: robin at icir.org (Robin Sommer) Date: Thu, 5 Jan 2012 09:00:50 -0800 Subject: [Bro-Dev] #718: Log protocol type for notices In-Reply-To: References: <048.02d89499b6936683b1f6e5e85519d1d3@tracker.bro-ids.org> <063.ad81ca62361ab84993b34223659cd842@tracker.bro-ids.org> Message-ID: <20120105170049.GC32968@icir.org> On Wed, Jan 04, 2012 at 13:11 -0600, you wrote: > It would be very helpful if all of the logs started with the > connection tuple to make parsing easier. We're trying to avoid relying on the order of fields. The recommended way is to parse the header and then index columns by their names. 
While using columns directly would be easier of course, it makes it hard to change a log's content in the future. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Thu Jan 5 15:24:07 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 05 Jan 2012 23:24:07 -0000 Subject: [Bro-Dev] #720: Fix problem with loss at low packet rate In-Reply-To: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org> References: <046.79d473381c0897fd9a040c8847c3d8e8@tracker.bro-ids.org> Message-ID: <061.5ef6c20540df0f50720a027252604f20@tracker.bro-ids.org> #720: Fix problem with loss at low packet rate ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: High | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Comment (by robin): In [edb6e80ff36e162dec0fe25c231f985fe8a3c24c/bro]: {{{ #!CommitTicketReference repository="bro" revision="edb6e80ff36e162dec0fe25c231f985fe8a3c24c" Merge remote-tracking branch 'origin/fastpath' * origin/fastpath: Remove upgrade documentation regarding change in default snaplen. Reduce snaplen default from 65535 to old default of 8192. (fixes #720) Closes #720. 
}}} -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Jan 6 00:00:03 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 6 Jan 2012 00:00:03 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201060800.q06803IC032009@bro-ids.icir.org> > Open Merge Requests for Bro2.0 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init From bro at tracker.bro-ids.org Fri Jan 6 05:45:43 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 13:45:43 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.af186ca14232c9121e9963591b66309d@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by seth): > This sounds like a plain ref counting bug to me. The caller should > unref once it doesn't need the type anymore. Were you able to > understand which caller isn't doing it? It doesn't need to be the on > the stack backtrace (and from a quick look, it isn't). There are only a few places outside of NetVar.cc that even call internal_type which is why I made the consistency comment. 
You can find everywhere that causes this ref counting problem with a quick grep since there aren't that many, especially if you count out the stuff in NetVar.cc. And I caused this bug (/me ducks). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 06:35:10 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 14:35:10 -0000 Subject: [Bro-Dev] #741: Remove HTTP verbs from HTTP analyzer Message-ID: <046.33191738c5e4da46b75e4c33d1e6e42a@tracker.bro-ids.org> #741: Remove HTTP verbs from HTTP analyzer ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: | ---------------------+-------------------- We should remove the HTTP verbs (methods) from the HTTP analyzer and just parse out whatever the client gives. Nonstandard verbs will cause the client side of the analyzer to completely not work which is clearly not optimal. Making this change will remove a couple of for loops from the HTTP analyzer too. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 08:29:31 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 16:29:31 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.17391fd5757dd397526045ad3ec91c9a@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by robin): Replying to [comment:2 seth]: > And I caused this bug (/me ducks). So where's the unref missing? 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 08:33:12 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 16:33:12 -0000 Subject: [Bro-Dev] #739: topic/jsiwek/local-table-init In-Reply-To: <048.40f08b615a25cda86b338fd5fc758016@tracker.bro-ids.org> References: <048.40f08b615a25cda86b338fd5fc758016@tracker.bro-ids.org> Message-ID: <063.47a64e282e47a8775ef46ec7a9d7bc4a@tracker.bro-ids.org> #739: topic/jsiwek/local-table-init ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by robin): * milestone: Bro2.0 => Bro2.1 Comment: Postponing to 2.1. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Fri Jan 6 08:36:15 2012 From: robin at icir.org (Robin Sommer) Date: Fri, 6 Jan 2012 08:36:15 -0800 Subject: [Bro-Dev] [Auto] Merge Status In-Reply-To: <201201060800.q06803IC032009@bro-ids.icir.org> References: <201201060800.q06803IC032009@bro-ids.icir.org> Message-ID: <20120106163615.GA86485@icir.org> On Fri, Jan 06, 2012 at 00:00 -0800, you wrote: > Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] I really want to wrap up 2.0 asap so I've moved this to 2.1, seems non-critical. 
Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Fri Jan 6 08:56:58 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 16:56:58 -0000 Subject: [Bro-Dev] #742: Maintain constant order for hostname notice email extension Message-ID: <046.95889261c6d0b1c7495e259f92d824b3@tracker.bro-ids.org> #742: Maintain constant order for hostname notice email extension ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: | ---------------------+-------------------- The orig and resp field names will be ordered differently at times which is confusing when reading emails. Figure out a way to maintain constant ordering. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 09:19:49 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 17:19:49 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.5b041ccc73e4a71c5b9d9447fe07baca@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by seth): > So where's the unref missing? In the do_split function. I'm never saving the returned ref'd pointer from the internal_type call so I couldn't unref it (I didn't realize it was adding a reference to the value). I think it should just be moved to NetVar.cc though. 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 09:27:58 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 17:27:58 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.179e5dbd26e289c3f4b3514e45efaa1d@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by robin): Ah, I didn't realize that TableVal ref's the type internally as well (other methods often take an already ref'ed object). Ok, we can move this to NetVar (and there are more like this in strings.bif). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 10:36:54 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 18:36:54 -0000 Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support Message-ID: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org> #743: topic/jsiwek/openbsd-support ---------------------+------------------------ Reporter: jsiwek | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ This branch adds some support for building Bro on OpenBSD. It exists in `bro`, `cmake`, `bro-aux`, `broccoli`, `broctl` repos. One build catch is that the top-level Makefile may not work with the default `make` on OpenBSD, for now I added a note to INSTALL to use either gmake or the CMake-generated Makefile in the `build/` directory directly. 
Another catch is that I saw runtime warnings coming from the libbind-9.4.2 package on OpenBSD 5.0 regarding mismatched symbol sizes, but some simple testing looked like Bro worked. I'm going to mark this for 2.0 since the changes appeared to not interfere with any of the officially supported platforms, but can be moved back. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 10:37:11 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 18:37:11 -0000 Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support In-Reply-To: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org> References: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org> Message-ID: <063.ca863906311f21ea2a6fb04f8b4dd0ca@tracker.bro-ids.org> #743: topic/jsiwek/openbsd-support ----------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * type: Problem => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 12:58:35 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 20:58:35 -0000 Subject: [Bro-Dev] #737: SFTP log rotator In-Reply-To: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> References: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> Message-ID: <061.e2293aebea1fb7d67c3a531d737beb06@tracker.bro-ids.org> #737: SFTP log rotator ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by jsiwek): In [e7cf347288e4318c4629baf9f2f9ff44b8eef333/bro]: {{{ #!CommitTicketReference repository="bro" 
revision="e7cf347288e4318c4629baf9f2f9ff44b8eef333" Add SFTP log postprocessor that transfers logs to remote hosts. Addresses #737 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:00:07 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:00:07 -0000 Subject: [Bro-Dev] #737: SFTP log rotator In-Reply-To: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> References: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> Message-ID: <061.29bb7fece683477aa1caeb18990a89a2@tracker.bro-ids.org> #737: SFTP log rotator ----------------------------+------------------------ Reporter: seth | Owner: jsiwek Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by jsiwek): * version: => git/master * type: Problem => Merge Request Comment: In `topic/jsiwek/sftp-pp` -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:16:35 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:16:35 -0000 Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1 In-Reply-To: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> References: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> Message-ID: <061.b73eb2d2f0fa2a68a71cb4bd8414dca8@tracker.bro-ids.org> #731: Protocol Documentation Bundle 1 ---------------------+---------------------- Reporter: seth | Owner: jsiwek Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Changes (by jsiwek): * owner: => jsiwek * status: new => assigned -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:31:43 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:31:43 -0000 Subject: [Bro-Dev] #744: 
Subnets types broken in logging framework with ipv6 enabled Message-ID: <046.a1ca177adc1b775d95f1066898382676@tracker.bro-ids.org> #744: Subnets types broken in logging framework with ipv6 enabled ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: ipv6 | ---------------------+-------------------- When configured with --enable-brov6, the logging framework is broken when trying to log subnets. The relevant test does indicate this failure (testing/btest/scripts/base/frameworks/logging/types.bro). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:54:29 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:54:29 -0000 Subject: [Bro-Dev] #709: Framework Documentation Package 4 In-Reply-To: <046.992c96e6db16fdf1fb40e698b4833ac4@tracker.bro-ids.org> References: <046.992c96e6db16fdf1fb40e698b4833ac4@tracker.bro-ids.org> Message-ID: <061.59da0a848ab9c3a2349dbf841c4f744f@tracker.bro-ids.org> #709: Framework Documentation Package 4 -----------------------------+-------------------- Reporter: seth | Owner: seth Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: Solved/Applied | Keywords: -----------------------------+-------------------- Changes (by seth): * status: assigned => closed * resolution: => Solved/Applied Comment: Will be merged with the topic/script-reference branch. 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:55:36 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:55:36 -0000 Subject: [Bro-Dev] #734: Protocol Documentation Bundle 4 In-Reply-To: <046.eeb6a245efe2d29e8966e69a5c21770d@tracker.bro-ids.org> References: <046.eeb6a245efe2d29e8966e69a5c21770d@tracker.bro-ids.org> Message-ID: <061.71f35a3220f1bbef82f91cac9d466df3@tracker.bro-ids.org> #734: Protocol Documentation Bundle 4 ---------------------+---------------------- Reporter: seth | Owner: dnthayer Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Changes (by seth): * owner: => dnthayer * status: new => assigned -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 6 13:56:09 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 06 Jan 2012 21:56:09 -0000 Subject: [Bro-Dev] #732: Protocol Documentation Bundle 2 In-Reply-To: <046.1f7d0a0d6ef389a62d0fe65a2815f97b@tracker.bro-ids.org> References: <046.1f7d0a0d6ef389a62d0fe65a2815f97b@tracker.bro-ids.org> Message-ID: <061.89ed1a776aad95a2c6b828a458ec8789@tracker.bro-ids.org> #732: Protocol Documentation Bundle 2 ---------------------+---------------------- Reporter: seth | Owner: seth Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Changes (by seth): * owner: => seth * status: new => assigned -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Jan 7 00:00:05 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 7 Jan 2012 00:00:05 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201070800.q0780523027029@bro-ids.icir.org> > Open Merge Requests for Bro2.0 > ============================== Component | Id | Reporter | Owner | Prio | Summary 
------------------------------------------------------------------------------------------------------------------ Bro | 737 [1] | seth | jsiwek | Normal | SFTP log rotator Bro | 743 [2] | jsiwek | | Normal | topic/jsiwek/openbsd-support [3] [1] #737: http://tracker.bro-ids.org/bro/ticket/737 [2] #743: http://tracker.bro-ids.org/bro/ticket/743 [3] openbsd-support: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/openbsd-support From bro at tracker.bro-ids.org Sat Jan 7 22:16:41 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sun, 08 Jan 2012 06:16:41 -0000 Subject: [Bro-Dev] #732: Protocol Documentation Bundle 2 In-Reply-To: <046.1f7d0a0d6ef389a62d0fe65a2815f97b@tracker.bro-ids.org> References: <046.1f7d0a0d6ef389a62d0fe65a2815f97b@tracker.bro-ids.org> Message-ID: <061.119b5228d964a0ed8c461505c1d57816@tracker.bro-ids.org> #732: Protocol Documentation Bundle 2 ---------------------+-------------------- Reporter: seth | Owner: seth Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ---------------------+-------------------- Changes (by seth): * status: assigned => closed * resolution: => fixed Comment: In [48ed922e0606ff9a926204d461deb455117ede6f/bro]: {{{ #!CommitTicketReference repository="bro" revision="48ed922e0606ff9a926204d461deb455117ede6f" SSH&FTP Documentation updates. 
Closes #732 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Sat Jan 7 22:17:39 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sun, 08 Jan 2012 06:17:39 -0000 Subject: [Bro-Dev] #733: Protocol Documentation Bundle 3 In-Reply-To: <046.8c5470e2499f6f33b5b9daff8efb1f91@tracker.bro-ids.org> References: <046.8c5470e2499f6f33b5b9daff8efb1f91@tracker.bro-ids.org> Message-ID: <061.3b3c120634f9384316226ecd2718aba8@tracker.bro-ids.org> #733: Protocol Documentation Bundle 3 ---------------------+---------------------- Reporter: seth | Owner: seth Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Changes (by seth): * owner: => seth * status: new => assigned -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Sat Jan 7 23:22:59 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sun, 08 Jan 2012 07:22:59 -0000 Subject: [Bro-Dev] #733: Protocol Documentation Bundle 3 In-Reply-To: <046.8c5470e2499f6f33b5b9daff8efb1f91@tracker.bro-ids.org> References: <046.8c5470e2499f6f33b5b9daff8efb1f91@tracker.bro-ids.org> Message-ID: <061.b75db90e778f892f87ccca3e9a5df89c@tracker.bro-ids.org> #733: Protocol Documentation Bundle 3 ---------------------+-------------------- Reporter: seth | Owner: seth Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ---------------------+-------------------- Changes (by seth): * status: assigned => closed * resolution: => fixed Comment: In [3be1222532eaf8a19030570a001c57ffe28e27ca/bro]: {{{ #!CommitTicketReference repository="bro" revision="3be1222532eaf8a19030570a001c57ffe28e27ca" Documentation updates for HTTP & IRC scripts. 
Closes #733
}}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Sun Jan 8 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Sun, 8 Jan 2012 00:00:02 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201080800.q08802Gd006392@bro-ids.icir.org>

> Open Merge Requests for Bro2.0
> ==============================

Component | Id      | Reporter | Owner  | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
Bro       | 737 [1] | seth     | jsiwek | Normal | SFTP log rotator
Bro       | 743 [2] | jsiwek   |        | Normal | topic/jsiwek/openbsd-support [3]

[1] #737: http://tracker.bro-ids.org/bro/ticket/737
[2] #743: http://tracker.bro-ids.org/bro/ticket/743
[3] openbsd-support: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/openbsd-support

From bro at tracker.bro-ids.org Sun Jan 8 21:07:03 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 09 Jan 2012 05:07:03 -0000
Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support
In-Reply-To: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
References: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
Message-ID: <063.45175c8f0d45b4fbbffdda003ce558a0@tracker.bro-ids.org>

#743: topic/jsiwek/openbsd-support
----------------------------+------------------------
  Reporter:  jsiwek         |      Owner:  jsiwek
      Type:  Merge Request  |     Status:  assigned
  Priority:  Normal         |  Milestone:  Bro2.0
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:
----------------------------+------------------------
Changes (by robin):

 * owner:  => jsiwek
 * status:  new => assigned

Comment:

 With this change, I'm now getting this warning on Linux:

 [..]/config.h:153:0: warning: "DLT_PPP_SERIAL" redefined [enabled by default]

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Mon Jan 9 00:00:03 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Mon, 9 Jan 2012 00:00:03
-0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201090800.q09803RE005086@bro-ids.icir.org> > Open Merge Requests for Bro2.0 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 737 [1] | seth | jsiwek | Normal | SFTP log rotator Bro | 743 [2] | jsiwek | jsiwek | Normal | topic/jsiwek/openbsd-support [3] [1] #737: http://tracker.bro-ids.org/bro/ticket/737 [2] #743: http://tracker.bro-ids.org/bro/ticket/743 [3] openbsd-support: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/openbsd-support From bro at tracker.bro-ids.org Mon Jan 9 12:24:05 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 09 Jan 2012 20:24:05 -0000 Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1 In-Reply-To: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> References: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> Message-ID: <061.c31dfb61dd51042d7aa3775972e1b1f1@tracker.bro-ids.org> #731: Protocol Documentation Bundle 1 ---------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ---------------------+-------------------- Changes (by jsiwek): * status: assigned => closed * resolution: => fixed Comment: In [62d012e04aad212c7195f4ad3fd3ad43920efcb7/bro]: {{{ #!CommitTicketReference repository="bro" revision="62d012e04aad212c7195f4ad3fd3ad43920efcb7" Add Conn and DNS protocol script documentation. 
(fixes #731)
}}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From seth at icir.org Mon Jan 9 13:58:01 2012
From: seth at icir.org (Seth Hall)
Date: Mon, 9 Jan 2012 16:58:01 -0500
Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/script-reference: Add ssl and syslog script documentation (acf5537)
In-Reply-To: <201201092128.q09LS9jl001385@bro-ids.icir.org>
References: <201201092128.q09LS9jl001385@bro-ids.icir.org>
Message-ID: <4AF9E178-A6EF-4ED9-9765-B7F7DFB4FC8D@icir.org>

On Jan 9, 2012, at 4:28 PM, Daniel Thayer wrote:

> Add ssl and syslog script documentation

Robin, before you merge this branch, let me do another run through it tonight.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

From bro at tracker.bro-ids.org Mon Jan 9 14:21:48 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 09 Jan 2012 22:21:48 -0000
Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support
In-Reply-To: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
References: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
Message-ID: <063.64e52445cea0ad4ff9dc3e03ba9445c7@tracker.bro-ids.org>

#743: topic/jsiwek/openbsd-support
----------------------------+------------------------
  Reporter:  jsiwek         |      Owner:  jsiwek
      Type:  Merge Request  |     Status:  assigned
  Priority:  Normal         |  Milestone:  Bro2.0
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:
----------------------------+------------------------

Comment (by jsiwek):

 Replying to [comment:2 robin]:
 > With this change, I'm now getting this warning on Linux:
 >
 > [..]/config.h:153:0: warning: "DLT_PPP_SERIAL" redefined [enabled by default]

 Were you only building with the branch checked out in the `bro` repository? (it's also in `cmake`, `bro-aux`, `broccoli`, `broctl`)

--
Ticket URL: Bro Tracker Bro Issue Tracker

From robin at icir.org Mon Jan 9 14:47:01 2012
From: robin at icir.org (Robin Sommer)
Date: Mon, 9 Jan 2012 14:47:01 -0800
Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/script-reference: Add ssl and syslog script documentation (acf5537)
In-Reply-To: <4AF9E178-A6EF-4ED9-9765-B7F7DFB4FC8D@icir.org>
References: <201201092128.q09LS9jl001385@bro-ids.icir.org> <4AF9E178-A6EF-4ED9-9765-B7F7DFB4FC8D@icir.org>
Message-ID: <20120109224701.GA20471@icir.org>

On Mon, Jan 09, 2012 at 16:58 -0500, you wrote:

> Robin, before you merge this branch, let me do another run through it tonight.

Depending on cycles, I may just go ahead with the merge later today. But in any case, just apply any further changes to the script-reference branch, I'll then re-merge it.

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From bro at tracker.bro-ids.org Mon Jan 9 14:51:35 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Mon, 09 Jan 2012 22:51:35 -0000
Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support
In-Reply-To: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
References: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org>
Message-ID: <063.847d0af3f9e1bf736be63550cafab1f5@tracker.bro-ids.org>

#743: topic/jsiwek/openbsd-support
----------------------------+------------------------
  Reporter:  jsiwek         |      Owner:  jsiwek
      Type:  Merge Request  |     Status:  assigned
  Priority:  Normal         |  Milestone:  Bro2.0
 Component:  Bro            |    Version:  git/master
Resolution:                 |   Keywords:
----------------------------+------------------------

Comment (by robin):

 On Mon, Jan 09, 2012 at 22:21 -0000, you wrote:

 > Were you only building with the branch checked out in the `bro`
 > repository? (it's also in `cmake`, `bro-aux`, `broccoli`, `broctl`)

 Yes, missed that, will merge the others as well.
-- Ticket URL: Bro Tracker Bro Issue Tracker From seth at icir.org Mon Jan 9 16:46:23 2012 From: seth at icir.org (Seth Hall) Date: Mon, 9 Jan 2012 19:46:23 -0500 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/script-reference: Add ssl and syslog script documentation (acf5537) In-Reply-To: <20120109224701.GA20471@icir.org> References: <201201092128.q09LS9jl001385@bro-ids.icir.org> <4AF9E178-A6EF-4ED9-9765-B7F7DFB4FC8D@icir.org> <20120109224701.GA20471@icir.org> Message-ID: <0E5C0506-248C-4896-A57D-8E59C4098EE1@icir.org> On Jan 9, 2012, at 5:47 PM, Robin Sommer wrote: > Depending on cycles, I may just go ahead with the merge later today. > But in any case, just apply any further changes to the > script-reference branch, I'll then re-merge it. Ok. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ From bro at tracker.bro-ids.org Mon Jan 9 18:28:18 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 02:28:18 -0000 Subject: [Bro-Dev] #737: SFTP log rotator In-Reply-To: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> References: <046.09063159df9ebfc39f5f9b22aa17d8c0@tracker.bro-ids.org> Message-ID: <061.6484a58d0b0bbcbd834823a0022e86b6@tracker.bro-ids.org> #737: SFTP log rotator ----------------------------+------------------------ Reporter: seth | Owner: jsiwek Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => fixed Comment: In [03306d791d58a3cbbf708fca89c11c14e3c53b10/bro]: {{{ #!CommitTicketReference repository="bro" revision="03306d791d58a3cbbf708fca89c11c14e3c53b10" Merge remote-tracking branch 'origin/topic/jsiwek/sftp-pp' * origin/topic/jsiwek/sftp-pp: Add SFTP log postprocessor that transfers logs to remote hosts. 
Add FAQ entry about disabling NIC offloading features. Closes #737. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Jan 9 18:28:18 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 02:28:18 -0000 Subject: [Bro-Dev] #743: topic/jsiwek/openbsd-support In-Reply-To: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org> References: <048.74724c0a44a72c7a2cddd9bfb42d27c7@tracker.bro-ids.org> Message-ID: <063.67ad3604cb672900fce773271ab35859@tracker.bro-ids.org> #743: topic/jsiwek/openbsd-support ----------------------------+------------------------ Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: assigned => closed * resolution: => fixed Comment: In [2efab49e127cd42cfb6609c0326491b12fc1d71e/bro]: {{{ #!CommitTicketReference repository="bro" revision="2efab49e127cd42cfb6609c0326491b12fc1d71e" Merge remote-tracking branch 'origin/topic/jsiwek/openbsd-support' * origin/topic/jsiwek/openbsd-support: Tweaks for OpenBSD support. Closes #743. [I've moved the OpenBSD note about the Makefile into the FAQ. There might be more stuff to add there over time.] }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Mon Jan 9 18:29:54 2012 From: robin at icir.org (Robin Sommer) Date: Mon, 9 Jan 2012 18:29:54 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/script-reference: Add ssl and syslog script documentation (acf5537) In-Reply-To: <0E5C0506-248C-4896-A57D-8E59C4098EE1@icir.org> References: <201201092128.q09LS9jl001385@bro-ids.icir.org> <4AF9E178-A6EF-4ED9-9765-B7F7DFB4FC8D@icir.org> <20120109224701.GA20471@icir.org> <0E5C0506-248C-4896-A57D-8E59C4098EE1@icir.org> Message-ID: <20120110022954.GA76964@icir.org> I didn't do the merge anymore but I did just push a bunch of visual polishing. 
Have a look and let me know what you think.

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From bro at tracker.bro-ids.org Mon Jan 9 20:13:54 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 04:13:54 -0000
Subject: [Bro-Dev] #745: Remote log rotators use 2 digit year
Message-ID: <046.c6c24d3b3fd4dc856b215bcafee4fce2@tracker.bro-ids.org>

#745: Remote log rotators use 2 digit year
---------------------+--------------------
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro2.1
Component:  Bro      |    Version:
 Keywords:           |
---------------------+--------------------
 The SFTP rotator at least names its files with 2 digit years which should probably be 4 digit. Presumably the SCP rotator is doing the same.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Mon Jan 9 22:21:19 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 06:21:19 -0000
Subject: [Bro-Dev] #746: Check the ssl/tls dpd signatures
Message-ID: <046.eb25556d32a680febd26b39278dc9697@tracker.bro-ids.org>

#746: Check the ssl/tls dpd signatures
---------------------+--------------------
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro2.1
Component:  Bro      |    Version:
 Keywords:           |
---------------------+--------------------
 I think there are some cases where the current ssl/tls dpd signatures won't work right.
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Jan 9 22:23:43 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 06:23:43 -0000 Subject: [Bro-Dev] #734: Protocol Documentation Bundle 4 In-Reply-To: <046.eeb6a245efe2d29e8966e69a5c21770d@tracker.bro-ids.org> References: <046.eeb6a245efe2d29e8966e69a5c21770d@tracker.bro-ids.org> Message-ID: <061.e78ff47907a0d80056b7c7baf2f03257@tracker.bro-ids.org> #734: Protocol Documentation Bundle 4 -----------------------------+---------------------- Reporter: seth | Owner: dnthayer Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: Solved/Applied | Keywords: -----------------------------+---------------------- Changes (by seth): * status: assigned => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Jan 9 22:31:35 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 06:31:35 -0000 Subject: [Bro-Dev] #478: Move BinPAC docs over to new server In-Reply-To: <047.826126acda25dd38cf616630391698f4@tracker.bro-ids.org> References: <047.826126acda25dd38cf616630391698f4@tracker.bro-ids.org> Message-ID: <062.99ab100f9506e03e6bb338ddee79524b@tracker.bro-ids.org> #478: Move BinPAC docs over to new server -----------------------------+-------------------- Reporter: robin | Owner: seth Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Website / Wiki | Version: Resolution: | Keywords: -----------------------------+-------------------- Changes (by seth): * milestone: Bro2.0 => Bro2.1 Comment: Definitely not a blocker. 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 06:07:22 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 14:07:22 -0000 Subject: [Bro-Dev] #747: Scheduled event misfire Message-ID: <046.a42f21c91392be1b926e37206f116085@tracker.bro-ids.org> #747: Scheduled event misfire ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: | ---------------------+-------------------- If a scheduled event is scheduled in a bro_init handler it will fire the event really quickly at the beginning (much faster than a second) and not actually wait for the scheduled interval to hit. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 06:10:55 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 14:10:55 -0000 Subject: [Bro-Dev] #656: Add stats.bro back In-Reply-To: <047.2d9bdf13c6cee04531b4645e09da8cb7@tracker.bro-ids.org> References: <047.2d9bdf13c6cee04531b4645e09da8cb7@tracker.bro-ids.org> Message-ID: <062.7bb6e9fd1e36e7cd9d0078e0a97bb779@tracker.bro-ids.org> #656: Add stats.bro back ---------------------+------------------------ Reporter: robin | Owner: seth Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: fixed | Keywords: ---------------------+------------------------ Changes (by seth): * status: assigned => closed * resolution: => fixed Comment: In [048516c6057dd55b4ff9d30587c826d575fce3df/bro]: {{{ #!CommitTicketReference repository="bro" revision="048516c6057dd55b4ff9d30587c826d575fce3df" Adding back the stats.bro file. 
Closes #656 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 07:25:57 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 15:25:57 -0000 Subject: [Bro-Dev] #748: Allow creation of blank patterns Message-ID: <046.78bb5da8aeba6aaac7ac81eb139c5da7@tracker.bro-ids.org> #748: Allow creation of blank patterns -----------------------------+-------------------- Reporter: seth | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: | -----------------------------+-------------------- Right now, it's not possible to create blank patterns of // but it would be helpful in cases where patterns are used as configuration variables but there is no default. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 07:39:54 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 15:39:54 -0000 Subject: [Bro-Dev] #745: Remote log rotators use 2 digit year In-Reply-To: <046.c6c24d3b3fd4dc856b215bcafee4fce2@tracker.bro-ids.org> References: <046.c6c24d3b3fd4dc856b215bcafee4fce2@tracker.bro-ids.org> Message-ID: <061.38cec8405ef840f139f2b66e36405c66@tracker.bro-ids.org> #745: Remote log rotators use 2 digit year ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Changes (by jsiwek): * owner: => jsiwek * status: new => closed * resolution: => fixed Comment: In [f921a4d5db4912d446910aed79ea84b5159c092f/bro]: {{{ #!CommitTicketReference repository="bro" revision="f921a4d5db4912d446910aed79ea84b5159c092f" Change SFTP/SCP log rotators to use 4-digit year in filenames (fixes #745). 
}}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 10 08:00:41 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:00:41 -0000
Subject: [Bro-Dev] #740: Bug resulting in too many internal type references
In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org>
References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org>
Message-ID: <061.3f60dafd58ee87115ab2779eaa046eda@tracker.bro-ids.org>

#740: Bug resulting in too many internal type references
----------------------+----------------------
  Reporter:  seth     |      Owner:  jsiwek
      Type:  Problem  |     Status:  assigned
  Priority:  Normal   |  Milestone:  Bro2.0
 Component:  Bro      |    Version:
Resolution:           |   Keywords:
----------------------+----------------------
Changes (by jsiwek):

 * owner:  => jsiwek
 * status:  new => assigned

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 10 08:09:14 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:09:14 -0000
Subject: [Bro-Dev] #603: Checking correctness of logs
In-Reply-To: <047.5d54b4bcd94fce279ea5de274dc02946@tracker.bro-ids.org>
References: <047.5d54b4bcd94fce279ea5de274dc02946@tracker.bro-ids.org>
Message-ID: <062.6c0ee45c1c41a49e898f9fa67e09d676@tracker.bro-ids.org>

#603: Checking correctness of logs
---------------------+------------------------
  Reporter:  robin   |      Owner:  seth
      Type:  Task    |     Status:  assigned
  Priority:  Normal  |  Milestone:  Bro2.1
 Component:  Bro     |    Version:  git/master
Resolution:          |   Keywords:
---------------------+------------------------
Changes (by seth):

 * owner:  => seth
 * status:  new => assigned
 * milestone:  Bro2.0 => Bro2.1

Comment:

 I'm going to leave this ticket open because I still need to go back through all of the comments and file some tickets, etc. There are some problems that I know about, but they are relatively minor for the most part. I'll close this ticket when I have tickets filed for all of the actual problems discovered.
--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 10 08:40:19 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:40:19 -0000
Subject: [Bro-Dev] #749: Extend the file type to be able to represent sockets
Message-ID: <046.2f100e2100d0e990ec4fe371768923af@tracker.bro-ids.org>

#749: Extend the file type to be able to represent sockets
-----------------------------+--------------------
 Reporter:  seth             |      Owner:
     Type:  Feature Request  |     Status:  new
 Priority:  Normal           |  Milestone:  Bro2.1
Component:  Bro              |    Version:
 Keywords:                   |
-----------------------------+--------------------
 I'd like to be able to create tcp and udp sockets and print to them. For example::

 {{{
 global my_socket = open("tcp://1.2.3.4:554");
 print my_socket, "hello";
 }}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 10 08:47:35 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:47:35 -0000
Subject: [Bro-Dev] #750: Patch adding IPv6 support for pysubnettree
Message-ID: <047.e6d50f498ca5a5aca3d4d44bb09a0d18@tracker.bro-ids.org>

#750: Patch adding IPv6 support for pysubnettree
--------------------------+--------------------
 Reporter:  robin         |      Owner:
     Type:  Patch         |     Status:  new
 Priority:  Normal        |  Milestone:  Bro2.1
Component:  pysubnettree  |    Version:
 Keywords:  ipv6          |
--------------------------+--------------------
 The attached patch adds IPv6 support to pysubnettree from Henry Stern / Cisco:

 {{{
 Attached is a patch against pysubnettree 0.12 to add IPv6 support. I've updated the test cases appropriately.

 I managed to implement it with only one small change to the Python API. You had overloaded the __contains__ function to take both ascii and packed binary IPv4 addresses. The assumption that 4-byte addresses are packed binary addresses fails when you process both IPv4 and IPv6 addresses because "1::2" is valid both as an ascii IPv6 address and a binary IPv4 address. Packed IPv6 addresses face similar issues. I solved this problem by adding an optional flag for the constructor "binary_lookup_mode," and an accessor/mutator function for the same.

 Please review it and let me know what you think.

 Also, I noticed that some return values from system calls in patricia.c are not checked. This is a problem for another day, but really does need to be addressed because a failed calloc will cause a mysterious segfault.
 }}}

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 10 08:47:48 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:47:48 -0000
Subject: [Bro-Dev] #750: Patch adding IPv6 support for pysubnettree
In-Reply-To: <047.e6d50f498ca5a5aca3d4d44bb09a0d18@tracker.bro-ids.org>
References: <047.e6d50f498ca5a5aca3d4d44bb09a0d18@tracker.bro-ids.org>
Message-ID: <062.35155c207634bd8ba94bfa2d431b93b6@tracker.bro-ids.org>

#750: Patch adding IPv6 support for pysubnettree
----------------------------+----------------------
  Reporter:  robin          |      Owner:  robin
      Type:  Merge Request  |     Status:  assigned
  Priority:  Normal         |  Milestone:  Bro2.1
 Component:  pysubnettree   |    Version:
Resolution:                 |   Keywords:  ipv6
----------------------------+----------------------
Changes (by robin):

 * owner:  => robin
 * status:  new => assigned
 * type:  Patch => Merge Request

--
Ticket URL: Bro Tracker Bro Issue Tracker

From robin at icir.org Tue Jan 10 08:54:43 2012
From: robin at icir.org (Robin Sommer)
Date: Tue, 10 Jan 2012 08:54:43 -0800
Subject: [Bro-Dev] [Bro-Commits] [git/bro] master: A few more tiny documentation updates committed to the wrong branch. :) (86a1cbc)
In-Reply-To: <201201101549.q0AFnGUp023164@bro-ids.icir.org>
References: <201201101549.q0AFnGUp023164@bro-ids.icir.org>
Message-ID: <20120110165443.GB88781@icir.org>

On Tue, Jan 10, 2012 at 07:49 -0800, Seth Hall wrote:

> A few more tiny documentation updates committed to the wrong branch. :)

Note that these may cause conflicts during the script-reference merge if there are changes there around the same locations. Please keep doc changes there until it's in.

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From bro at tracker.bro-ids.org Tue Jan 10 08:58:19 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 10 Jan 2012 16:58:19 -0000
Subject: [Bro-Dev] #747: Scheduled event misfire
In-Reply-To: <046.a42f21c91392be1b926e37206f116085@tracker.bro-ids.org>
References: <046.a42f21c91392be1b926e37206f116085@tracker.bro-ids.org>
Message-ID: <061.356330613ffdad24cd4287a12ab03208@tracker.bro-ids.org>

#747: Scheduled event misfire
----------------------+--------------------
  Reporter:  seth     |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro2.1
 Component:  Bro      |    Version:
Resolution:           |   Keywords:
----------------------+--------------------

Comment (by robin):

 On Tue, Jan 10, 2012 at 14:07 -0000, you wrote:

 > If a scheduled event is scheduled in a bro_init handler it will fire the
 > event really quickly at the beginning (much faster than a second)

 Yes, it fires immediately (more precisely: the next time timers are processed). It's not trivial to change iirc, but not impossible either.

 (It's even documented! From events.bif:

 {{{
 ## When a ``bro_init`` handler executes, Bro has not yet seen any input packets
 ## and therefore :bro:id:`network_time` is not initialized yet. An artifact
 ## of that is that any timer installed in a ``bro_init`` handler will fire
 ## immediately with the first packet. The standard way to work around that is to
 ## ignore the first time the timer fires and immediately reschedule.
}}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 10:26:25 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 18:26:25 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.f336d64e760519ae93667fb9d192aa3f@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Changes (by jsiwek): * status: assigned => closed * resolution: => fixed Comment: In [2348d794b6e0476a944b119e08319cae4bffc7b9/bro]: {{{ #!CommitTicketReference repository="bro" revision="2348d794b6e0476a944b119e08319cae4bffc7b9" Fix ref counting bug in BIFs that call internal_type. (fixes #740) }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 11:14:27 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 10 Jan 2012 19:14:27 -0000 Subject: [Bro-Dev] #736: Small Notice cleanup In-Reply-To: <046.7863520b7675cb56b8d9e690ada2a8b0@tracker.bro-ids.org> References: <046.7863520b7675cb56b8d9e690ada2a8b0@tracker.bro-ids.org> Message-ID: <061.f6e7ca48749f63ebdccb8a5c7718ad8e@tracker.bro-ids.org> #736: Small Notice cleanup -----------------------+-------------------- Reporter: seth | Owner: seth Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: Rejected | Keywords: -----------------------+-------------------- Changes (by seth): * status: new => closed * resolution: => Rejected Comment: I hate rewording notice messages. I'm just going to close this ticket. 
These will get updated over time and it's no reason to block the release. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 16:51:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 11 Jan 2012 00:51:30 -0000 Subject: [Bro-Dev] #656: Add stats.bro back In-Reply-To: <047.2d9bdf13c6cee04531b4645e09da8cb7@tracker.bro-ids.org> References: <047.2d9bdf13c6cee04531b4645e09da8cb7@tracker.bro-ids.org> Message-ID: <062.8609f03261ab4fb47bc5f1d520fcfd71@tracker.bro-ids.org> #656: Add stats.bro back ---------------------+------------------------ Reporter: robin | Owner: seth Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: git/master Resolution: fixed | Keywords: ---------------------+------------------------ Comment (by robin): In [82b1ee072065594c0e58731ea2f32dfcedf7b10d/bro]: {{{ #!CommitTicketReference repository="bro" revision="82b1ee072065594c0e58731ea2f32dfcedf7b10d" Merge remote-tracking branch 'origin/fastpath' * origin/fastpath: Change SFTP/SCP log rotators to use 4-digit year in filenames (fixes #745). Adding back the stats.bro file. Closes #745. Closes #656. 
}}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 16:51:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 11 Jan 2012 00:51:30 -0000 Subject: [Bro-Dev] #740: Bug resulting in too many internal type references In-Reply-To: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> References: <046.bf9948bc6e5aec6ec3d9ced3764f6b05@tracker.bro-ids.org> Message-ID: <061.cc5895d5e29093653464a3156411c01a@tracker.bro-ids.org> #740: Bug resulting in too many internal type references ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Comment (by robin): In [a2e8146e4f52e46401142970e8150ebcc2951cd2/bro]: {{{ #!CommitTicketReference repository="bro" revision="a2e8146e4f52e46401142970e8150ebcc2951cd2" Merge remote-tracking branch 'origin/fastpath' * origin/fastpath: Fix ref counting bug in BIFs that call internal_type. 
(fixes #740) }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 16:51:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 11 Jan 2012 00:51:30 -0000 Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1 In-Reply-To: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> References: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> Message-ID: <061.e4497b08b41b1b967a3d01f6c6474742@tracker.bro-ids.org> #731: Protocol Documentation Bundle 1 ---------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Task | Status: closed Priority: Normal | Milestone: Bro2.0 Component: Bro | Version: Resolution: fixed | Keywords: ---------------------+-------------------- Comment (by robin): In [3d2dc5f5fce968a31a922bd8b2fbf646122d2785/bro]: {{{ #!CommitTicketReference repository="bro" revision="3d2dc5f5fce968a31a922bd8b2fbf646122d2785" Merge remote-tracking branch 'origin/topic/script-reference' * origin/topic/script-reference: (50 commits) A few updates for the FAQ. Fixing some doc warnings. Forgot to add protocol identifier support for TLS 1.2 Finished SSL & syslog autodocs. Adding the draft SSL extension type next_protocol_negotiation. Fix some documentation errors. Tweaks. A set of script-reference polishing. fixed a couple typos in comments Add summary documentation to bif files. Add ssl and syslog script documentation Add Conn and DNS protocol script documentation. (fixes #731) Small updates to the default local.bro. Documentation updates for HTTP & IRC scripts. SSH&FTP Documentation updates. Fixing a warning from the documentation generation. This completes framework documentation package 4. Minor notice documentation tweaks. Fix some malformed Broxygen xref roles. Minor doc tweaks to init-bare.bro. ... Conflicts: aux/broccoli aux/broctl src/bro.bif src/strings.bif Includes: - Updated baselines for autodoc tests. - Now excluding stats.bro from external texts, it's not stable. 
}}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 10 16:51:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 11 Jan 2012 00:51:30 -0000 Subject: [Bro-Dev] #745: Remote log rotators use 2 digit year In-Reply-To: <046.c6c24d3b3fd4dc856b215bcafee4fce2@tracker.bro-ids.org> References: <046.c6c24d3b3fd4dc856b215bcafee4fce2@tracker.bro-ids.org> Message-ID: <061.9e998ff9ffaac025d954e7f8e24751bc@tracker.bro-ids.org> #745: Remote log rotators use 2 digit year ----------------------+-------------------- Reporter: seth | Owner: jsiwek Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------+-------------------- Comment (by robin): In [82b1ee072065594c0e58731ea2f32dfcedf7b10d/bro]: {{{ #!CommitTicketReference repository="bro" revision="82b1ee072065594c0e58731ea2f32dfcedf7b10d" Merge remote-tracking branch 'origin/fastpath' * origin/fastpath: Change SFTP/SCP log rotators to use 4-digit year in filenames (fixes #745). Adding back the stats.bro file. Closes #745. Closes #656. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From seth at icir.org Tue Jan 10 16:57:08 2012 From: seth at icir.org (Seth Hall) Date: Tue, 10 Jan 2012 19:57:08 -0500 Subject: [Bro-Dev] #731: Protocol Documentation Bundle 1 In-Reply-To: <061.e4497b08b41b1b967a3d01f6c6474742@tracker.bro-ids.org> References: <046.32d64d3909fa99692c8d1d9723dff514@tracker.bro-ids.org> <061.e4497b08b41b1b967a3d01f6c6474742@tracker.bro-ids.org> Message-ID: On Jan 10, 2012, at 7:51 PM, Bro Tracker wrote: > - Now excluding stats.bro from external texts, it's not stable. Sorry, I forgot to mention that there is no way that would work with the tests. 
:) .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ From bro at tracker.bro-ids.org Wed Jan 11 21:27:59 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 05:27:59 -0000 Subject: [Bro-Dev] #751: Broxygen Wishlist Message-ID: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> #751: Broxygen Wishlist --------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: 2.0 Keywords: | --------------------+-------------------- Collecting a number of lower priority items here I noticed: - In a script's summary section, would be nice if the namespace linked to the corresponding index entry that lists all the scripts contributing to that namespace. - Thoughts on restructuring the summary section: * Notices: Should list the new Notices and link them to a part section in the Detailed Interface that describes them. Probably should then become the first entry of the Summary. * Redefinitions: Currently shows the type being modified and the text associated with the new comment, but not the new value itself. Not totally sure how to change, but perhaps just list the ID being modified here and then also link to Detailed Interface section. * Redefinitions: That's sometimes hard to understand currently, like in ?scripts/base/frameworks/notice/weird.html: It's not that intuitive that Weird::Log is added to Log::ID; and also not what the comment belongs to. * Package index: would be nice if it had a brief description of each package, ideally generated automatically somehow (from comments in the __load__.bro perhaps?) - make -j doesn't work reliably with the doc generation, can give some od errors. - With all docs in Sphinx now, it would be helpful not to have to rebuild everything (including Broxygen) each time one runs "make doc". 
I remember we discussed using the pickled Sphinx cache before and it didn't seem worth the trouble. May be worth reconsidering now to keep the rebuild times small when doing just doc/* changes. - CSS styling the Broxygen part is a bit tricky because it always impacts the rest of the Sphinx-generated content. Is there a way to have a general "broxygen" CSS selector to select only Broxygen items? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 11 21:34:31 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 05:34:31 -0000 Subject: [Bro-Dev] #751: Broxygen Wishlist In-Reply-To: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> References: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> Message-ID: <062.ff6fb39358bd32238802839a1a8728c9@tracker.bro-ids.org> #751: Broxygen Wishlist ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: 2.0 Resolution: | Keywords: ---------------------+-------------------- Description changed by robin: Old description: > Collecting a number of lower priority items here I noticed: > > - In a script's summary section, would be nice if the namespace linked > to the corresponding index entry that lists all the scripts > contributing to that namespace. > > - Thoughts on restructuring the summary section: > > * Notices: Should list the new Notices and link them to a part > section in the Detailed Interface that describes them. Probably > should then become the first entry of the Summary. > > * Redefinitions: Currently shows the type being modified and the > text associated with the new comment, but not the new value > itself. Not totally sure how to change, but perhaps just list > the ID being modified here and then also link to Detailed > Interface section. 
> > * Redefinitions: That's sometimes hard to understand currently, > like in ?scripts/base/frameworks/notice/weird.html: It's not > that intuitive that Weird::Log is added to Log::ID; and also not > what the comment belongs to. > > * Package index: would be nice if it had a brief description of > each package, ideally generated automatically somehow (from > comments in the __load__.bro perhaps?) > > - make -j doesn't work reliably with the doc generation, can give some > od errors. > > - With all docs in Sphinx now, it would be helpful not to have to rebuild > everything (including Broxygen) each time one runs "make doc". I > remember we discussed using the pickled Sphinx cache before and it > didn't seem worth the trouble. May be worth reconsidering now to keep > the rebuild times small when doing just doc/* changes. > > - CSS styling the Broxygen part is a bit tricky because it always > impacts the rest of the Sphinx-generated content. Is there a way to > have a general "broxygen" CSS selector to select only Broxygen > items? New description: Collecting a number of lower priority items here I noticed: - In a script's summary section, would be nice if the namespace linked to the corresponding index entry that lists all the scripts contributing to that namespace. - Thoughts on restructuring the summary section: * Notices: Should list the new Notices and link them to a part in the Detailed Interface that describes them. Could then become the first entry of the Summary. * Redefinitions: Currently shows the type being modified and the text associated with the new comment, but not the new value itself. Not totally sure how to change, but perhaps just list the ID being modified here and then also link to Detailed Interface section. * Redefinitions: That's sometimes hard to understand currently, like in ?scripts/base/frameworks/notice/weird.html: It's not that intuitive that Weird::Log is added to Log::ID; and also not what the comment belongs to. 
* Package index: would be nice if it had a brief description of each package, ideally generated automatically somehow (from comments in the __load__.bro perhaps?) - make -j doesn't work reliably with the doc generation, can give some odd errors. - With all docs in Sphinx now, it would be helpful not to have to rebuild everything (including Broxygen) each time one runs "make doc". I remember we discussed using the pickled Sphinx cache before and it didn't seem worth the trouble. May be worth reconsidering now to keep the rebuild times small when doing just doc/* changes. - CSS styling the Broxygen part is a bit tricky because it always impacts the rest of the Sphinx-generated content. Is there a way to have a general "broxygen" CSS selector to select only Broxygen items? -- -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Wed Jan 11 21:40:36 2012 From: robin at icir.org (Robin Sommer) Date: Wed, 11 Jan 2012 21:40:36 -0800 Subject: [Bro-Dev] Moving forward Message-ID: <20120112054036.GN98650@icir.org> Alright, back to work. :) - I've created a branch release/2.0. Everything going in there will be part of future maintenance releases 2.0.x while we're working on 2.1. Same for BroControl, the branch is release/1.0. - For these branches, I think we should limit ourselves to important bug fixes only, no new features or other minor stuff. I don't think we have the resources to fully maintain two separate versions, so let's focus on 2.1. - To mark things for release/2.0, I've created a new milestone 2.0.x. Use that for tickets that need to be addressed in a maintenance release, and also for merge requests once we have the change ready. Please create separate merge requests for things that are to go into both 2.1 and 2.0.x so that we can track them independently. There are new pre-defined queries on the tracker home page now. - I didn't create release branches for the other submodules. 
For them, just committing to master and doing occasional separate releases when helpful should be fine. Other than that, let's proceed as usual. :) Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From noreply at bro-ids.org Thu Jan 12 00:00:24 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 12 Jan 2012 00:00:24 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201120800.q0C80OI7001057@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] pysubnettree | 750 [3] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [4] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #750: http://tracker.bro-ids.org/bro/ticket/750 [4] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro From bro at tracker.bro-ids.org Thu Jan 12 07:47:16 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 15:47:16 -0000 Subject: [Bro-Dev] #751: Broxygen Wishlist In-Reply-To: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> References: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> Message-ID: <062.5726b7cd296ee3e9c8e769fab9e0b7d2@tracker.bro-ids.org> #751: Broxygen Wishlist ---------------------+-------------------- 
Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: 2.0 Resolution: | Keywords: ---------------------+-------------------- Comment (by jsiwek): > * Package index: would be nice if it had a brief description of each package, ideally generated automatically somehow (from comments in the __load__.bro perhaps?) The contents of any README file found in the package directory should be transferred as a description for the package index, but just none of those ever got created so far. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 08:51:50 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 16:51:50 -0000 Subject: [Bro-Dev] #751: Broxygen Wishlist In-Reply-To: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> References: <047.4b4140bee19348deee804641b473e786@tracker.bro-ids.org> Message-ID: <062.bd44d7084413b9374a2437617a1f4496@tracker.bro-ids.org> #751: Broxygen Wishlist ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: 2.0 Resolution: | Keywords: ---------------------+-------------------- Comment (by robin): > The contents of any README file found in the package directory should be > transferred as a description for the package index, but just none of those > ever got created so far. Cool, I totally missed that, otherwise I would have insisted on writing READMEs. :) We should do that ... 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 10:59:03 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 18:59:03 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler Message-ID: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ---------------------------+-------------------- Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Keywords: | ---------------------------+-------------------- This branch is in `bro` and `btest` repos and implements scripting-layer coverage analysis for the test suites. Bro was augmented to output script-layer statement execution data in the presence of the BROFILER_FILE environment variable and some minor scripts were added to the test suites to aggregate those data files into `coverage.log` files. That data seems like they'll generally help identify areas of scripts that lack testing coverage, but a goal of getting to 100% seems unreasonable since some statements are just naturally difficult or impossible to reach (which is sometimes a good thing!) and I haven't yet thought of a good way to automatically identify those or even manually maintaining a list of such statements might not be great since location information can change when scripts get modified. Let me know if there's any feedback on anything that can be improved. 
For the 2.0 release the coverage numbers I get are: - 52% coverage rate for the btest suite - 45% coverage rate for the external/bro-testing suite - 62% coverage rate for btest and external combined -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 15:14:32 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 12 Jan 2012 23:14:32 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.16759f650b2158253d3811d48cde869a@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+-------------------- Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+-------------------- Comment (by robin): > - 52% coverage rate for the btest suite > - 45% coverage rate for the external/bro-testing suite > - 62% coverage rate for btest and external combined That's not too bad already! Does it increase further with the private traces? > to aggregate those data files into `coverage.log` files. That data seems > like they'll generally help identify areas of scripts that lack testing > coverage, but a goal of getting to 100% seems unreasonable since some > statements are just naturally difficult or impossible to reach (which is > sometimes a good thing!) Hmm ... yeah. On the other hand, I think we need some hard criteria to aim for as otherwise we never know whether we have written sufficient tests (or for new functionality, what we need to write tests for). The number would keep going up and down as we progress. Could we insert markers right in the scripts that tag blocks that aren't counted towards the coverage? Like a whitelist, but not external (because, as you say, locations change), but coming with the script itself. 
For example: {{{ if ( xxx ) { # @no-test } }}} The "@no-test" would need to be part of a comment and always associated with the preceding block start. Robin -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 18:58:29 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 13 Jan 2012 02:58:29 -0000 Subject: [Bro-Dev] #680: Add session_ticket handshake type to Bro's SSL/TLS parser In-Reply-To: <046.4d83677f8aacaea128fb59b77f77bb9d@tracker.bro-ids.org> References: <046.4d83677f8aacaea128fb59b77f77bb9d@tracker.bro-ids.org> Message-ID: <061.3421947e7890592485d0c734db8d6f45@tracker.bro-ids.org> #680: Add session_ticket handshake type to Bro's SSL/TLS parser ------------------------------+-------------------- Reporter: seth | Owner: Type: Feature Request | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: Solved/Applied | Keywords: ------------------------------+-------------------- Changes (by seth): * status: new => closed * resolution: => Solved/Applied Comment: This actually went into 2.0 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 19:03:32 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 13 Jan 2012 03:03:32 -0000 Subject: [Bro-Dev] #352: Make --enable-ipv6 default In-Reply-To: <047.752eeb1e1fab85f95a271a2ddf98f038@tracker.bro-ids.org> References: <047.752eeb1e1fab85f95a271a2ddf98f038@tracker.bro-ids.org> Message-ID: <062.adf5fd9351c57523ce01cd8af68a3643@tracker.bro-ids.org> #352: Make --enable-ipv6 default ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ipv6 ---------------------+-------------------- Changes (by seth): * keywords: => ipv6 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 12 19:08:00 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 
13 Jan 2012 03:08:00 -0000 Subject: [Bro-Dev] #307: Complete IPv6 support In-Reply-To: <046.efb05b525c02d279854217ce367553cf@tracker.bro-ids.org> References: <046.efb05b525c02d279854217ce367553cf@tracker.bro-ids.org> Message-ID: <061.10c44e3e43a6312dd1acbc16f0698212@tracker.bro-ids.org> #307: Complete IPv6 support ---------------------+-------------------- Reporter: seth | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ipv6 ---------------------+-------------------- Changes (by seth): * keywords: => ipv6 -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Jan 13 00:01:48 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 13 Jan 2012 00:01:48 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201130801.q0D81mwT021612@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [6] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [7] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: 
http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 [6] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From bro at tracker.bro-ids.org Fri Jan 13 08:37:35 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 13 Jan 2012 16:37:35 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.5a4e33a73845f74df8cc66b89b1abd91@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ---------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Changes (by jsiwek): * owner: => jsiwek * status: new => assigned * type: Merge Request => Task Comment: > That's not too bad already! Does it increase further with the private > traces? Just to 64%. > Could we insert markers right in the scripts that tag blocks that > aren't counted towards the coverage? I'll see what I can do. 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 13 08:56:34 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 13 Jan 2012 16:56:34 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.f6c29c3bfbe79e0c426d3af3b181abcf@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ---------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ---------------------+---------------------- Description changed by jsiwek: Old description: > This branch is in `bro` and `btest` repos and implements scripting-layer > coverage analysis for the test suites. Bro was augmented to output > script-layer statement execution data in the presence of the > BROFILER_FILE environment variable and some minor scripts were added to > the test suites to aggregate those data files into `coverage.log` files. > That data seems like they'll generally help identify areas of scripts > that lack testing coverage, but a goal of getting to 100% seems > unreasonable since some statements are just naturally difficult or > impossible to reach (which is sometimes a good thing!) and I haven't yet > thought of a good way to automatically identify those or even manually > maintaining a list of such statements might not be great since location > information can change when scripts get modified. Let me know if there's > any feedback on anything that can be improved. 
> > For the 2.0 release the coverage numbers I get are: > > - 52% coverage rate for the btest suite > - 45% coverage rate for the external/bro-testing suite > - 62% coverage rate for btest and external combined New description: This branch is in `bro`, `btest`, `bro-testing`, and `bro-testing-private` repos and implements scripting-layer coverage analysis for the test suites. Bro was augmented to output script-layer statement execution data in the presence of the BROFILER_FILE environment variable and some minor scripts were added to the test suites to aggregate those data files into `coverage.log` files. That data seems like they'll generally help identify areas of scripts that lack testing coverage, but a goal of getting to 100% seems unreasonable since some statements are just naturally difficult or impossible to reach (which is sometimes a good thing!) and I haven't yet thought of a good way to automatically identify those or even manually maintaining a list of such statements might not be great since location information can change when scripts get modified. Let me know if there's any feedback on anything that can be improved. 
For the 2.0 release the coverage numbers I get are: - 52% coverage rate for the btest suite - 45% coverage rate for the external/bro-testing suite - 62% coverage rate for btest and external combined -- -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 13 13:24:27 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 13 Jan 2012 21:24:27 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.b72d55e75a3b560a67f7e24e55eaf996@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Changes (by jsiwek): * type: Task => Merge Request Comment: Ok, added the ability to tag statement blocks so they aren't counted towards coverage. I didn't go through to blacklist anything yet, seems like that can be a task for later, so I'll switch back to a merge request (in bro, btest, bro-testing, bro-testing-private repos) since I don't have any ideas on what more needs done here to enable testing coverage analysis. 
-- Ticket URL: Bro Tracker Bro Issue Tracker From gregor at icir.org Fri Jan 13 21:45:31 2012 From: gregor at icir.org (Gregor Maier) Date: Fri, 13 Jan 2012 21:45:31 -0800 Subject: [Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer In-Reply-To: <061.94fec119b461283c166495a4baa6752e@tracker.bro-ids.org> References: <046.17850f462f1693e7eabd016bb6cf8b36@tracker.bro-ids.org> <061.94fec119b461283c166495a4baa6752e@tracker.bro-ids.org> Message-ID: <4F11167B.7060707@icir.org> On 12/18/11 15:57 , Bro Tracker wrote: > #724: Changing semantics of ConnSizeAnalyzer > ----------------------+-------------------- > Reporter: seth | Owner: > Type: Problem | Status: new > Priority: High | Milestone: Bro2.0 > Component: Bro | Version: > Resolution: | Keywords: > ----------------------+-------------------- > > Comment (by robin): > > I'm reluctant to count only payload bytes as I find that not very > intuitive and also non-standard (NetFlow for example counts IP bytes > as well). Actually IIRC, NetFlow counts IP-payload (i.e., including tcp/udp headers but not IP headers). 
From bro at tracker.bro-ids.org Fri Jan 13 21:45:42 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 14 Jan 2012 05:45:42 -0000 Subject: [Bro-Dev] #724: Changing semantics of ConnSizeAnalyzer In-Reply-To: <046.17850f462f1693e7eabd016bb6cf8b36@tracker.bro-ids.org> References: <046.17850f462f1693e7eabd016bb6cf8b36@tracker.bro-ids.org> Message-ID: <061.d20c8e7fa22bb3694f625802cb2a5787@tracker.bro-ids.org> #724: Changing semantics of ConnSizeAnalyzer ----------------------+----------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Component: Bro | Version: Resolution: | Keywords: ----------------------+----------------- Comment (by gregor): On 12/18/11 15:57 , Bro Tracker wrote: >#724: Changing semantics of ConnSizeAnalyzer >----------------------+-------------------- > Reporter: seth | Owner: > Type: Problem | Status: new > Priority: High | Milestone: Bro2.0 > Component: Bro | Version: >Resolution: | Keywords: >----------------------+-------------------- > >Comment (by robin): > > I'm reluctant to count only payload bytes as I find that not very > intuitive and also non-standard (NetFlow for example counts IP bytes > as well). Actually IIRC, NetFlow counts IP-payload (i.e., including tcp/udp headers but not IP headers). 
-- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 13 22:14:12 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 14 Jan 2012 06:14:12 -0000 Subject: [Bro-Dev] #749: Extend the file type to be able to represent sockets In-Reply-To: <046.2f100e2100d0e990ec4fe371768923af@tracker.bro-ids.org> References: <046.2f100e2100d0e990ec4fe371768923af@tracker.bro-ids.org> Message-ID: <061.dcd1c21805309141d43406cc8fa1a487@tracker.bro-ids.org> #749: Extend the file type to be able to represent sockets ------------------------------+-------------------- Reporter: seth | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Comment (by gregor): On 1/10/12 8:40 , Bro Tracker wrote: >#749: Extend the file type to be able to represent sockets >-----------------------------+-------------------- > Reporter: seth | Owner: > Type: Feature Request | Status: new > Priority: Normal | Milestone: Bro2.1 >Component: Bro | Version: > Keywords: | >-----------------------------+-------------------- > I'd like to be able to create tcp and udp sockets and print to them. For > example:: > > {{{ > global my_socket = open("tcp://1.2.3.4:554"); > print my_socket, "hello"; > }}} We would need to use async / non-blocking I/O then. 
cu gregor -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Jan 14 00:02:45 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 14 Jan 2012 00:02:45 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201140802.q0E82jM4001428@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | ec6560a | Jon Siwek | 2012-01-13 | Make communication log baseline test more reliable. [20] bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [21] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [22] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 [2] fastpath: http://tracker.bro-ids.org/bro/changeset/ec6560a6ed9235deb6d3976c544688abd494bab9/bro [2] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [2] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From noreply at bro-ids.org Sun Jan 15 00:04:33 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 15 Jan 2012 00:04:33 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201150804.q0F84XQt006990@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | ec6560a | Jon Siwek | 2012-01-13 | Make communication log baseline test more reliable. [29] bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [30] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [31] [2] fastpath: http://tracker.bro-ids.org/bro/changeset/ec6560a6ed9235deb6d3976c544688abd494bab9/bro [3] 
fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [3] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From noreply at bro-ids.org Mon Jan 16 00:00:01 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 16 Jan 2012 00:00:01 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201160800.q0G801L4028590@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | ec6560a | Jon Siwek | 2012-01-13 | Make communication log baseline test more reliable. [6] bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [7] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [8] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 [6] fastpath: http://tracker.bro-ids.org/bro/changeset/ec6560a6ed9235deb6d3976c544688abd494bab9/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From noreply at bro-ids.org Tue Jan 17 00:00:01 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 17 Jan 2012 00:00:01 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201170800.q0H801VU011426@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | ec6560a | Jon Siwek | 2012-01-13 | Make communication log baseline test more reliable. [6] bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [7] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [8] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 [6] fastpath: http://tracker.bro-ids.org/bro/changeset/ec6560a6ed9235deb6d3976c544688abd494bab9/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From bro at tracker.bro-ids.org Tue Jan 17 14:34:43 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 17 Jan 2012 22:34:43 -0000 Subject: [Bro-Dev] #306: Write a new user manual In-Reply-To: <046.b5f6eda94a2759af201753eaf30711c5@tracker.bro-ids.org> References: <046.b5f6eda94a2759af201753eaf30711c5@tracker.bro-ids.org> Message-ID: <061.956f5b25df279c2443ca347efaaef91b@tracker.bro-ids.org> #306: Write a new user manual -------------------+-------------------- Reporter: seth | Owner: Type: Task | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: -------------------+-------------------- Changes (by seth): * priority: Normal => High -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 17 14:35:48 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 17 Jan 2012 22:35:48 -0000 Subject: [Bro-Dev] #307: Complete IPv6 support In-Reply-To: <046.efb05b525c02d279854217ce367553cf@tracker.bro-ids.org> References: <046.efb05b525c02d279854217ce367553cf@tracker.bro-ids.org> Message-ID: <061.a4be9a92f2c59eab55786e3580ed1ef6@tracker.bro-ids.org> #307: Complete IPv6 support -------------------+-------------------- Reporter: seth | Owner: Type: Task | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ipv6 -------------------+-------------------- Changes (by seth): * priority: Normal => High -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 17 14:36:41 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 17 Jan 2012 22:36:41 -0000 Subject: [Bro-Dev] #305: Replace communication system with 0mq In-Reply-To: <046.5ba3e7283a6ab0d7a373bc3ff0868884@tracker.bro-ids.org> References: <046.5ba3e7283a6ab0d7a373bc3ff0868884@tracker.bro-ids.org> Message-ID: <061.a670afabd2e0edaacc29cb27d24ff16d@tracker.bro-ids.org> #305: Replace communication system with 0mq ----------------------+-------------------- Reporter: seth | Owner: Type: Task | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: Invalid | Keywords: ----------------------+-------------------- Changes (by seth): * status: new => closed * resolution: => Invalid -- Ticket URL: Bro Tracker Bro Issue Tracker From slagell at illinois.edu Tue Jan 17 15:36:54 2012 From: slagell at illinois.edu (Slagell, Adam J) Date: Tue, 17 Jan 2012 23:36:54 +0000 Subject: [Bro-Dev] #306: Write a new user manual In-Reply-To: <061.956f5b25df279c2443ca347efaaef91b@tracker.bro-ids.org> References: <046.b5f6eda94a2759af201753eaf30711c5@tracker.bro-ids.org> <061.956f5b25df279c2443ca347efaaef91b@tracker.bro-ids.org> Message-ID: Doing this as we talked? :-) Sent from my mobile On Jan 17, 2012, at 4:34 PM, "Bro Tracker" wrote: > #306: Write a new user manual > -------------------+-------------------- > Reporter: seth | Owner: > Type: Task | Status: new > Priority: High | Milestone: Bro2.1 > Component: Bro | Version: > Resolution: | Keywords: > -------------------+-------------------- > Changes (by seth): > > * priority: Normal => High > > > -- > Ticket URL: > Bro Tracker > Bro Issue Tracker > > _______________________________________________ > bro-dev mailing list > bro-dev at bro-ids.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > From bro at tracker.bro-ids.org Tue Jan 17 17:15:29 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 01:15:29 -0000 Subject: [Bro-Dev] #306: Write a new user manual In-Reply-To: <046.b5f6eda94a2759af201753eaf30711c5@tracker.bro-ids.org> References: <046.b5f6eda94a2759af201753eaf30711c5@tracker.bro-ids.org> Message-ID: <061.efad631694cc0a1b043c58c9fb48d079@tracker.bro-ids.org> #306: Write a new user manual -------------------+-------------------- Reporter: seth | Owner: Type: Task | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: -------------------+-------------------- Comment (by seth): > Doing this as we talked? :-) Yes. :) -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 17 17:30:23 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 01:30:23 -0000 Subject: [Bro-Dev] #301: Switch to binary logging In-Reply-To: <046.26b2c9b3fb5b3c5022b521115d956856@tracker.bro-ids.org> References: <046.26b2c9b3fb5b3c5022b521115d956856@tracker.bro-ids.org> Message-ID: <061.626ee4fab9ada1bdaf75d32103091998@tracker.bro-ids.org> #301: Switch to binary logging ------------------------------+-------------------- Reporter: seth | Owner: Type: Feature Request | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Changes (by seth): * priority: Normal => High -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Jan 17 17:30:43 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 01:30:43 -0000 Subject: [Bro-Dev] #352: Make --enable-ipv6 default In-Reply-To: <047.752eeb1e1fab85f95a271a2ddf98f038@tracker.bro-ids.org> References: <047.752eeb1e1fab85f95a271a2ddf98f038@tracker.bro-ids.org> Message-ID: <062.223f4337ed545082553c4a98fa423061@tracker.bro-ids.org> #352: Make --enable-ipv6 default --------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ipv6 --------------------+-------------------- Changes (by seth): * priority: Normal => High -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Wed Jan 18 00:00:01 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 18 Jan 2012 00:00:01 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201180800.q0I801U3028265@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | ec6560a | Jon Siwek | 2012-01-13 | Make communication log baseline test more reliable. [6] bro | 9c42f02 | Daniel Thayer | 2012-01-11 | fixed some broken links [7] cmake | e8da8bb | Jon Siwek | 2012-01-12 | FindGooglePerftools now uses combined tcmalloc/cpu profiler library (fixes #689) [8] [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 [6] fastpath: http://tracker.bro-ids.org/bro/changeset/ec6560a6ed9235deb6d3976c544688abd494bab9/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/9c42f02082c41b088ae9313680091eebc28a2d47/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake From bro at tracker.bro-ids.org Wed Jan 18 08:05:36 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 16:05:36 -0000 Subject: [Bro-Dev] #451: Remove DNS options for skipping auth/addl events In-Reply-To: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> References: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> Message-ID: <062.6b9f3faecd120be113928cca33b6c833@tracker.bro-ids.org> #451: Remove DNS options for skipping auth/addl events ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ---------------------+-------------------- Comment (by seth): I'm conflicted on this. I fear that we may cause legitimate performance problems in some cases by removing these options. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 18 08:07:15 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 16:07:15 -0000 Subject: [Bro-Dev] #753: Remove the match statement Message-ID: <046.7542a9a4cc041d43889cad73e3ab0b83@tracker.bro-ids.org> #753: Remove the match statement --------------------+------------------------ Reporter: seth | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | --------------------+------------------------ The match statement is no longer used and doesn't have any new use cases on the horizon. We should probably remove it as a preemptive clean up. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 18 08:08:44 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 16:08:44 -0000 Subject: [Bro-Dev] #754: Complete implementation of switch statement Message-ID: <046.7621c0239b949326b069b865a7c4ac91@tracker.bro-ids.org> #754: Complete implementation of switch statement ----------------------+------------------------ Reporter: seth | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: language | ----------------------+------------------------ The switch statement is stubbed out in the parser but it's not completely implemented. I'd like to have it available, there are several use cases where it would be handy to have. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 18 13:33:00 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 18 Jan 2012 21:33:00 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.a12cf437f3c68c6f425647c91adaad19@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Changes (by seth): * priority: Normal => High Comment: I'll try and get some tracefiles posted here soon that exhibit the problem. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 18 16:08:39 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 19 Jan 2012 00:08:39 -0000 Subject: [Bro-Dev] #755: Bogus DNS_truncated_ans_too_short notice in weird.log for NetBIOS DNS responses Message-ID: <050.d53f19c650c18d43fd5c8bf59f396338@tracker.bro-ids.org> #755: Bogus DNS_truncated_ans_too_short notice in weird.log for NetBIOS DNS responses ----------------------+------------------------ Reporter: matthias | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | ----------------------+------------------------

As part of the trace testing for 2.0, I found an issue with NetBIOS DNS traffic. (To reproduce, run Bro on slice 10 trace 6.) The issue is that each NetBIOS DNS response elicits a `DNS_truncated_ans_too_short` notice. Presumably this occurs because the DNS analyzer is not aware when it analyzes NetBIOS traffic and always uses default DNS settings.

Here is an excerpt of `weird.log`:

{{{
#separator \x09
#path weird
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1258595204.973641 zXeo86cfbm7 192.168.1.1 137 192.168.1.103 137 DNS_label_len_gt_pkt - F bro
1258595204.973641 zXeo86cfbm7 192.168.1.1 137 192.168.1.103 137 DNS_truncated_ans_too_short - F bro
1258595929.455451 z4HTnleZ5K7 192.168.1.1 137 192.168.1.103 137 DNS_truncated_ans_too_short - F bro
1258596653.936597 JabVxb51nSh 192.168.1.1 137 192.168.1.103 137 DNS_truncated_ans_too_short - F bro
1258597378.402488 wP49IojzMDi 192.168.1.1 137 192.168.1.103 137 DNS_truncated_ans_too_short - F bro
1258598102.868114 yFYuqEzJF87 192.168.1.1 137 192.168.1.103 137 DNS_truncated_ans_too_short - F bro
[..]
}}}

-- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Jan 19 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 19 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201190800.q0J8028R006583@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 739 [1] | jsiwek | | Normal | topic/jsiwek/local-table-init [2] Bro | 752 [3] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [4] pysubnettree | 750 [5] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #739: http://tracker.bro-ids.org/bro/ticket/739 [2] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [3] #752: http://tracker.bro-ids.org/bro/ticket/752 [4] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [5] #750: http://tracker.bro-ids.org/bro/ticket/750 From bro at tracker.bro-ids.org Thu Jan 19 16:08:40 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 20 Jan 2012 00:08:40 -0000 Subject: [Bro-Dev] #684: Change to_port BiF to take a string as argument In-Reply-To: <050.b20757078e176ef09b16f1693c6f73e6@tracker.bro-ids.org> References: <050.b20757078e176ef09b16f1693c6f73e6@tracker.bro-ids.org> Message-ID: <065.a9444393693aa0e763f99c45b2c137d1@tracker.bro-ids.org> #684: Change to_port BiF to take a string as argument ----------------------------+------------------------ Reporter: matthias | Owner: matthias Type: Merge Request | Status: accepted Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by matthias): * type: Patch => Merge Request -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Jan 20 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 20 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201200800.q0K802iI018101@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 684 [1] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [2] | jsiwek | | Normal | topic/jsiwek/local-table-init [3] Bro | 752 [4] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [5] pysubnettree | 750 [6] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [7] [1] #684: http://tracker.bro-ids.org/bro/ticket/684 [2] #739: http://tracker.bro-ids.org/bro/ticket/739 [3] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [4] #752: http://tracker.bro-ids.org/bro/ticket/752 [5] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [6] #750: http://tracker.bro-ids.org/bro/ticket/750 [7] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux From bro at tracker.bro-ids.org Fri Jan 20 07:39:44 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 20 Jan 2012 15:39:44 -0000 Subject: [Bro-Dev] #689: Adding CPU Profiler to FindGooglePerftools In-Reply-To: <048.77123b2850aa4bfb2ea8301ccf8d27a3@tracker.bro-ids.org> References: <048.77123b2850aa4bfb2ea8301ccf8d27a3@tracker.bro-ids.org> Message-ID: <063.c4c7e7397cd0d14b1aab4033f61f7ae8@tracker.bro-ids.org> #689: Adding CPU Profiler to FindGooglePerftools -----------------------------+-------------------- Reporter: jswaro | Owner: Type: Patch | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: Solved/Applied | Keywords: -----------------------------+-------------------- Changes (by jsiwek): * status: new => closed * resolution: => Solved/Applied Comment: Fixed in [e8da8bb8e3d8edf939942f3387bff6ff9657ed8a/cmake] -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 20 14:57:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 20 Jan 2012 22:57:30 -0000 Subject: [Bro-Dev] #464: Bug with complex data structures In-Reply-To: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> References: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> Message-ID: <061.37333975f19a750895d501eba6a31a09@tracker.bro-ids.org> #464: Bug with complex data structures ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by jsiwek): In [1e4c3d8ea293868d5c85e536201c327937c2d175/bro]: {{{ #!CommitTicketReference repository="bro" revision="1e4c3d8ea293868d5c85e536201c327937c2d175" Teach CompHash to allow indexing by records with vector/table/set fields. Addresses #464. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 20 15:00:53 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 20 Jan 2012 23:00:53 -0000 Subject: [Bro-Dev] #464: Bug with complex data structures In-Reply-To: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> References: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> Message-ID: <061.352da864fe163da1d2b7ea8bc7e7e8b1@tracker.bro-ids.org> #464: Bug with complex data structures ----------------------------+-------------------- Reporter: seth | Owner: Type: Merge Request | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+-------------------- Changes (by jsiwek): * type: Problem => Merge Request Comment: I believe the changes in `topic/jsiwek/complex-record-indices` fix this. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Jan 21 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 21 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201210800.q0L802h4032523@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 464 [1] | seth | | High | Bug with complex data structures Bro | 684 [2] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [3] | jsiwek | | Normal | topic/jsiwek/local-table-init [4] Bro | 752 [5] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [6] pysubnettree | 750 [7] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [8] bro | 5b04789 | Seth Hall | 2012-01-20 | Fixed a bug resulting in over-logging of detected webapps. 
[9] [1] #464: http://tracker.bro-ids.org/bro/ticket/464 [2] #684: http://tracker.bro-ids.org/bro/ticket/684 [3] #739: http://tracker.bro-ids.org/bro/ticket/739 [4] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [5] #752: http://tracker.bro-ids.org/bro/ticket/752 [6] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [7] #750: http://tracker.bro-ids.org/bro/ticket/750 [8] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux [9] fastpath: http://tracker.bro-ids.org/bro/changeset/5b04789ab868656f7084fd076ce8538bdb155c1d/bro From noreply at bro-ids.org Sun Jan 22 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 22 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201220800.q0M802SI002840@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 464 [1] | seth | | High | Bug with complex data structures Bro | 684 [2] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [3] | jsiwek | | Normal | topic/jsiwek/local-table-init [4] Bro | 752 [5] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [6] pysubnettree | 750 [7] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [8] bro | 5b04789 | Seth Hall | 2012-01-20 | Fixed a bug resulting in over-logging of detected webapps. 
[9] [1] #464: http://tracker.bro-ids.org/bro/ticket/464 [2] #684: http://tracker.bro-ids.org/bro/ticket/684 [3] #739: http://tracker.bro-ids.org/bro/ticket/739 [4] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [5] #752: http://tracker.bro-ids.org/bro/ticket/752 [6] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [7] #750: http://tracker.bro-ids.org/bro/ticket/750 [8] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux [9] fastpath: http://tracker.bro-ids.org/bro/changeset/5b04789ab868656f7084fd076ce8538bdb155c1d/bro From robin at icir.org Sun Jan 22 21:42:32 2012 From: robin at icir.org (Robin Sommer) Date: Sun, 22 Jan 2012 21:42:32 -0800 Subject: [Bro-Dev] IP address class Message-ID: <20120123054232.GB90228@icir.org> I've drafted an interface for a new class that wraps both IPv4 and IPv6 addresses (plus another one for IP prefixes). It's committed to src/IPAddr.h in branch topic/v6-addr. This is completely untested and doesn't have an implementation yet (no compiler has even looked at the code yet :-). For now, it's really just to nail down the interface. I looked at quite a bit of the "ifdef BROv6" and I believe this should generally work as a replacement (with a bit more tweaking here and there I'm sure). Jon, do you think this is something you could use as starting point to begin removing the configure switch and replace current IP address code with uses of this wrapper? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Sun Jan 22 23:35:12 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 23 Jan 2012 07:35:12 -0000 Subject: [Bro-Dev] #451: Remove DNS options for skipping auth/addl events In-Reply-To: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> References: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> Message-ID: <062.1ca4363095c2463d274863cf74b74e97@tracker.bro-ids.org> #451: Remove DNS options for skipping auth/addl events ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ---------------------+-------------------- Comment (by vern): Seems the event engine can look for the presence of addl/auth event handlers, and skip the performance burden if these aren't defined, right? -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Mon Jan 23 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 23 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201230800.q0N802t4013123@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 464 [1] | seth | | High | Bug with complex data structures Bro | 684 [2] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [3] | jsiwek | | Normal | topic/jsiwek/local-table-init [4] Bro | 752 [5] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [6] pysubnettree | 750 [7] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [8] bro | 5b04789 | Seth Hall | 2012-01-20 | Fixed a bug resulting in over-logging of detected webapps. 
[9] [1] #464: http://tracker.bro-ids.org/bro/ticket/464 [2] #684: http://tracker.bro-ids.org/bro/ticket/684 [3] #739: http://tracker.bro-ids.org/bro/ticket/739 [4] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [5] #752: http://tracker.bro-ids.org/bro/ticket/752 [6] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [7] #750: http://tracker.bro-ids.org/bro/ticket/750 [8] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux [9] fastpath: http://tracker.bro-ids.org/bro/changeset/5b04789ab868656f7084fd076ce8538bdb155c1d/bro From bro at tracker.bro-ids.org Mon Jan 23 06:03:03 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 23 Jan 2012 14:03:03 -0000 Subject: [Bro-Dev] #451: Remove DNS options for skipping auth/addl events In-Reply-To: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> References: <047.8ae817995be2255322e68a394e45df3e@tracker.bro-ids.org> Message-ID: <062.a92c4eab2d513f041f6a50654c141e44@tracker.bro-ids.org> #451: Remove DNS options for skipping auth/addl events ---------------------+-------------------- Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ---------------------+-------------------- Comment (by seth): > Seems the event engine can look for the presence of addl/auth event > handlers, and skip the performance burden if these aren't defined, right? Oh, of course. That's the right thing to do. -- Ticket URL: Bro Tracker Bro Issue Tracker From vallentin at icir.org Mon Jan 23 21:42:35 2012 
From: vallentin at icir.org (Matthias Vallentin) Date: Mon, 23 Jan 2012 21:42:35 -0800 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/v6-addr: Interface draft for new IP address wrapper class. (0868317) In-Reply-To: <201201230542.q0N5g53X008921@bro-ids.icir.org> References: <201201230542.q0N5g53X008921@bro-ids.icir.org> Message-ID: > ? ?Interface draft for new IP address wrapper class. This looks like a good start; a few comments below. > +public: > + ? ? ? /// Address family. > + ? ? ? enum { IPv4, IPv6 } Family; Why is that (and ByteOrder) a public member? Intuitively, I would imagine that the constructor sets this value once and then clients only use the family() const member function to inspect it. > + ? ? ? /// Byte order. > + ? ? ? enum { Host, Network } ByteOrder; Why is it necessary to discern between the two? I might oversee a use case that requires this differentiation, but in my naive mental model, only a single internal representation is necessary (with a constructor argument specifying the order when creating an instance from raw bytes). > +/// Comparision operator for IP addresss. > +extern bool operator==(const IPAddr& addr1, const IPAddr& addr2) const; > + > +/// Comparision operator IP addresses. This defines a well-defined order for > +/// IP addresses. However, the order does not necessarily correspond to their > +/// numerical values. > +extern bool operator<(const IPAddr& addr1, const IPAddr& addr2) const; These could be members, too. Then you could directory access the in6 member. Matthias From robin at icir.org Mon Jan 23 22:08:37 2012 
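Review bot: the two free-function declarations at the end of the quoted patch, `extern bool operator==(const IPAddr& addr1, const IPAddr& addr2) const;` and the matching `operator<`, carry a trailing `const`, which is only valid on member functions, so the header will not compile as written. Drop the qualifier from both (the `extern` on a function declaration is redundant as well), and fix the comment spelling "Comparision" and "addresss" in the same lines.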
From: robin at icir.org (Robin Sommer)
Date: Mon, 23 Jan 2012 22:08:37 -0800
Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/v6-addr: Interface draft for new IP address wrapper class. (0868317)
In-Reply-To:
References: <201201230542.q0N5g53X008921@bro-ids.icir.org>
Message-ID: <20120124060837.GC36306@icir.org>

On Mon, Jan 23, 2012 at 21:42 -0800, you wrote:

> > + ? ? ? enum { IPv4, IPv6 } Family;
> > + ? ? ? enum { Host, Network } ByteOrder;

Oops, those are typos. That's supposed to look like this instead:

       enum Family { IPv4, IPv6 };
       enum ByteOrder { Host, Network };

Does that make more sense? :) In other words, we don't need to store
these at all.

> These could be members, too. Then you could directory access the in6
> member.

I have this old rule of thumb in my head to define binary operators
outside of classes. What was the use case where that's needed?

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From noreply at bro-ids.org Tue Jan 24 00:00:02 2012
From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 24 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201240800.q0O802WX003692@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 464 [1] | seth | | High | Bug with complex data structures Bro | 684 [2] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [3] | jsiwek | | Normal | topic/jsiwek/local-table-init [4] Bro | 752 [5] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [6] pysubnettree | 750 [7] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [8] bro | 5b04789 | Seth Hall | 2012-01-20 | Fixed a bug resulting in over-logging of detected webapps. 
[9] [1] #464: http://tracker.bro-ids.org/bro/ticket/464 [2] #684: http://tracker.bro-ids.org/bro/ticket/684 [3] #739: http://tracker.bro-ids.org/bro/ticket/739 [4] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [5] #752: http://tracker.bro-ids.org/bro/ticket/752 [6] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [7] #750: http://tracker.bro-ids.org/bro/ticket/750 [8] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux [9] fastpath: http://tracker.bro-ids.org/bro/changeset/5b04789ab868656f7084fd076ce8538bdb155c1d/bro From vallentin at icir.org Tue Jan 24 11:47:58 2012 
From: vallentin at icir.org (Matthias Vallentin)
Date: Tue, 24 Jan 2012 19:47:58 +0000
Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/v6-addr: Interface draft for new IP address wrapper class. (0868317)
In-Reply-To: <20120124060837.GC36306@icir.org>
References: <201201230542.q0N5g53X008921@bro-ids.icir.org> <20120124060837.GC36306@icir.org>
Message-ID:

> Oops, those are typos. That's supposed to look like this instead:
>
>        enum Family { IPv4, IPv6 };
>        enum ByteOrder { Host, Network };
>
> Does that make more sense? :)

Yes :-).

> I have this old rule of thumb in my head to define binary operators
> outside of classes. What was the use case where that's needed?

I think you're actually right: binary operators outside of classes
improve implicit type conversion. Say you implement for some reason
operator/ for IP addresses and have an instance ip of your class, then
the expression

    192.168.0.1 / ip

only works if operator/ is implemented as a non-member function (in the
same namespace as the IP address class). Or put differently, the member
implementation of a binary operator forces the LHS of an expression to
be of that class type, which limits the operator symmetry:

    addr("192.168.0.1") / 192.168.0.1

will work, but

    192.168.0.1 / addr("192.168.0.1")

will not.

Matthias

From robin at icir.org Tue Jan 24 15:07:39 2012
From: robin at icir.org (Robin Sommer)
Date: Tue, 24 Jan 2012 15:07:39 -0800
Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/v6-addr: Interface draft for new IP address wrapper class. (0868317)
In-Reply-To:
References: <201201230542.q0N5g53X008921@bro-ids.icir.org> <20120124060837.GC36306@icir.org>
Message-ID: <20120124230739.GF59694@icir.org>

On Tue, Jan 24, 2012 at 19:47 +0000, you wrote:

> I think you're actually right: binary operators outside of classes
> improve implicit type conversion.

Ah, right. Thanks!

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From noreply at bro-ids.org Wed Jan 25 00:00:02 2012
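The two design points the thread above settles on, as an added C++ example that is not code from src/IPAddr.h or from anyone in the thread: one stored representation with Family and ByteOrder as plain types, and comparison operators as non-member functions so that implicit conversion applies to either operand. The names Addr, MemberOpAddr and can_less are assumptions made for this illustration, as is the choice to keep IPv4 as an IPv4-mapped IPv6 address.

```cpp
// Added illustration, not Bro's src/IPAddr.h: every name below is hypothetical.
#include <arpa/inet.h>    // inet_pton, htonl (POSIX)
#include <netinet/in.h>   // in_addr
#include <array>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <type_traits>
#include <utility>

// Single internal representation: 16 bytes in network order, with IPv4 kept
// as an IPv4-mapped IPv6 address (::ffff:a.b.c.d). Nothing else is stored.
typedef std::array<uint8_t, 16> Bytes;
static const uint8_t kV4Prefix[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};

inline Bytes from_v4(uint32_t v4_network_order) {
    Bytes b;
    std::memcpy(b.data(), kV4Prefix, 12);
    std::memcpy(b.data() + 12, &v4_network_order, 4);
    return b;
}

inline Bytes parse(const char* text) {
    Bytes b;
    in_addr v4;
    if (inet_pton(AF_INET, text, &v4) == 1)
        return from_v4(v4.s_addr);              // s_addr is already network order
    if (inet_pton(AF_INET6, text, b.data()) == 1)
        return b;
    throw std::invalid_argument("not an IP address");  // fail closed on bad input
}

class Addr {
public:
    enum Family { IPv4, IPv6 };        // a type, as in the corrected draft
    enum ByteOrder { Host, Network };  // used only as a constructor argument

    Addr(const char* text) : b_(parse(text)) {}   // implicit on purpose
    Addr(uint32_t v4, ByteOrder order)
        : b_(from_v4(order == Host ? htonl(v4) : v4)) {}

    // Derived from the bytes, so no family field has to be kept in sync.
    Family family() const {
        return std::memcmp(b_.data(), kV4Prefix, 12) == 0 ? IPv4 : IPv6;
    }
    const Bytes& bytes() const { return b_; }
private:
    Bytes b_;
};

// Non-member operators: both operands are ordinary parameters, so the
// implicit const char* -> Addr conversion can apply to either side.
inline bool operator==(const Addr& a, const Addr& b) { return a.bytes() == b.bytes(); }
inline bool operator<(const Addr& a, const Addr& b) { return a.bytes() < b.bytes(); }

// Same data, but the ordering is a member: the left operand is the implicit
// object and never goes through a user-defined conversion.
class MemberOpAddr {
public:
    MemberOpAddr(const char* text) : b_(parse(text)) {}
    bool operator<(const MemberOpAddr& o) const { return b_ < o.b_; }
private:
    Bytes b_;
};

// Compile-time probe: is `L < R` a well-formed expression? The probe uses <
// because C++20 also tries == with the operands reversed, which would hide
// the asymmetry for that one operator.
template <class L, class R, class = void>
struct can_less : std::false_type {};
template <class L, class R>
struct can_less<L, R, decltype(void(std::declval<L>() < std::declval<R>()))>
    : std::true_type {};

bool text_on_left_nonmember() { return can_less<const char*, Addr>::value; }
bool text_on_left_member()    { return can_less<const char*, MemberOpAddr>::value; }
bool text_on_right_member()   { return can_less<MemberOpAddr, const char*>::value; }

bool mixed_compare() {
    Addr a(0xC0A80001u, Addr::Host);   // 192.168.0.1 given as a host-order integer
    return "192.168.0.1" == a && a == "::ffff:192.168.0.1" && "10.0.0.1" < a;
}

bool rejects(const char* text) {
    try { Addr a(text); (void)a; return false; }
    catch (const std::invalid_argument&) { return true; }
}

int main() {
    return (mixed_compare() && text_on_left_nonmember() && !text_on_left_member()) ? 0 : 1;
}
```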
From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 25 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201250800.q0P802s6000419@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 464 [1] | seth | | High | Bug with complex data structures Bro | 684 [2] | matthias | matthias | Normal | Change to_port BiF to take a string as argument Bro | 739 [3] | jsiwek | | Normal | topic/jsiwek/local-table-init [4] Bro | 752 [5] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [6] pysubnettree | 750 [7] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro-aux | a89ee54 | Daniel Thayer | 2012-01-19 | Fix a bro-cut error message and correct some typos [8] bro | 5b04789 | Seth Hall | 2012-01-20 | Fixed a bug resulting in over-logging of detected webapps. 
[9] [1] #464: http://tracker.bro-ids.org/bro/ticket/464 [2] #684: http://tracker.bro-ids.org/bro/ticket/684 [3] #739: http://tracker.bro-ids.org/bro/ticket/739 [4] local-table-init: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/local-table-init [5] #752: http://tracker.bro-ids.org/bro/ticket/752 [6] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [7] #750: http://tracker.bro-ids.org/bro/ticket/750 [8] fastpath: http://tracker.bro-ids.org/bro/changeset/a89ee548abcc838b97ff86707b7d01b1d957a3fa/bro-aux [9] fastpath: http://tracker.bro-ids.org/bro/changeset/5b04789ab868656f7084fd076ce8538bdb155c1d/bro From lgadallah at gmail.com Wed Jan 25 16:59:51 2012 
From: lgadallah at gmail.com (Larry Gadallah) Date: Wed, 25 Jan 2012 16:59:51 -0800 Subject: [Bro-Dev] Errors in [Bro] Connection summary Message-ID: Hi all: I am seeing errors like this every time the connection summary script runs: python:/usr/local/bro/lib/broctl/_SubnetTree.so: undefined symbol '__inet_addr' python:/usr/local/bro/lib/broctl/_SubnetTree.so: undefined symbol '__inet_aton' Traceback (most recent call last): ?File "/usr/local/bro/bin/trace-summary", line 19, in ? ?import SubnetTree ?File "/usr/local/bro/lib/broctl/SubnetTree.py", line 7, in ? ?import _SubnetTree ImportError: Cannot load specified object ? ? ? ?0.20 real ? ? ? ? 0.00 user ? ? ? ? 0.00 sys Incidentally, I get the same kind of linker errors at bro startup that were seen on OpenBSD with bro a couple of years ago: # /usr/local/bro/bin/bro --version /usr/local/bro/bin/bro:/usr/lib/libc.so.60.1: /usr/local/lib/libbind.so.2.0 : WARNING: symbol(__p_class_syms) size mismatch, relink your program /usr/local/bro/bin/bro:/usr/lib/libc.so.60.1: /usr/local/bro/bin/bro : WARNING: symbol(_res) size mismatch, relink your program /usr/local/bro/bin/bro:/usr/lib/libc.so.60.1: /usr/local/lib/libbind.so.2.0 : WARNING: symbol(__p_type_syms) size mismatch, relink your program /usr/local/bro/bin/bro version 2.0-debug # uname -a OpenBSD 5.0 GENERIC#43 i386 # pkg_info | grep libbind libbind-9.4.2 ? ? ? BIND 8 compatible stub resolver library Is this a case of some kind of incompatibility between the libc and libbind resolver functions? Thanks, -- Larry Gadallah, VE6VQ/W7? ? ? ? ? ? ? ? ? ? ? ? ? lgadallah AT gmail DOT com PGP Sig: B5F9 C4A8 8517 82AC 16B6 ?02B6 0645 69F0 1F29 A512 From bro at tracker.bro-ids.org Wed Jan 25 17:33:50 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 01:33:50 -0000 Subject: [Bro-Dev] #756: notice_policy.log keeps causing test failures Message-ID: <047.bac7534465dcb1b2a632464464adcb12@tracker.bro-ids.org> #756: notice_policy.log keeps causing test failures ---------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ Many changes reorder notice_policy.log, which then lets in particular the external tests all fail. That gets annoying. Ideas how to fix that? {{{ #### btest-diff notice_policy.log == File =============================== == Diff =============================== --- /tmp/test-diff.1205.notice_policy.log.baseline.tmp 2012-01-26 01:28:55.172821809 +0000 +++ /tmp/test-diff.1205.notice_policy.log.tmp 2012-01-26 01:28:55.184822264 +0000 
@@ -6,9 +6,9 @@ #fields position priority action pred halt suppress_for #types count count enum func bool interval 0 10 Notice::ACTION_ADD_GEODATA anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::lookup_location_types));\x0a} F - -1 9 Notice::ACTION_NONE anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::ignored_types));\x0a} T - -2 9 Notice::ACTION_NO_SUPPRESS anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::not_suppressed_types));\x0a} F - -3 8 Notice::ACTION_NONE anonymous-function\x0a{ \x0aif (Notice::n$note in Notice::type_suppression_intervals) \x0a\x09{ \x0a\x09Notice::n$suppress_for = Not -4 8 Notice::ACTION_EMAIL anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::emailed_types));\x0a} F - +1 9 Notice::ACTION_NO_SUPPRESS anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::not_suppressed_types));\x0a} F - +2 9 Notice::ACTION_NONE anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::ignored_types));\x0a} T - +3 8 Notice::ACTION_EMAIL anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::emailed_types));\x0a} F - +4 8 Notice::ACTION_NONE anonymous-function\x0a{ \x0aif (Notice::n$note in Notice::type_suppression_intervals) \x0a\x09{ \x0a\x09Notice::n$suppress_for = Not 5 8 Notice::ACTION_ALARM anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::alarmed_types));\x0a} F - 6 0 Notice::ACTION_LOG - F - }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:03:02 2012 
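Review bot: the baseline encodes an order that priority alone does not determine: the rows that differ are exactly the pairs sharing a priority (positions 1 and 2 at priority 9, positions 3 and 4 at priority 8), each swapped, while rows 0, 5 and 6 stay as context. As long as ties between equal-priority policy items can come out in either order, any change that perturbs that order will fail this comparison, so either give the ordering a deterministic tie-break or have the test compare the log with the position column dropped and the rows sorted.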
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:03:02 -0000 Subject: [Bro-Dev] #756: notice_policy.log keeps causing test failures In-Reply-To: <047.bac7534465dcb1b2a632464464adcb12@tracker.bro-ids.org> References: <047.bac7534465dcb1b2a632464464adcb12@tracker.bro-ids.org> Message-ID: <062.88a2620a0a0804bd4eb4885de05e15bf@tracker.bro-ids.org> #756: notice_policy.log keeps causing test failures ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by robin): I'm getting a larger number of rejects when applying this to current git (even with the non-swig files). Would you mind preparing an updated patch? Otherwise, I'll get back to it later and see if I can fix it manually. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:36:39 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:36:39 -0000 Subject: [Bro-Dev] #464: Bug with complex data structures In-Reply-To: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> References: <046.9f65dde0f285b762925aca06fe80721f@tracker.bro-ids.org> Message-ID: <061.88c4aaf26af9358dbe1e246241609ade@tracker.bro-ids.org> #464: Bug with complex data structures ----------------------------+-------------------- Reporter: seth | Owner: robin Type: Merge Request | Status: closed Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------------+-------------------- Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [27ce62077f397dfe9deecc84a04345be122c5d75/bro]: {{{ #!CommitTicketReference repository="bro" revision="27ce62077f397dfe9deecc84a04345be122c5d75" Merge remote-tracking branch 'origin/topic/jsiwek/complex-record-indices' * origin/topic/jsiwek/complex-record-indices: Teach CompHash to allow indexing by records with vector/table/set fields. Closes #464 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:36:39 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:36:39 -0000 Subject: [Bro-Dev] #739: topic/jsiwek/local-table-init In-Reply-To: <048.40f08b615a25cda86b338fd5fc758016@tracker.bro-ids.org> References: <048.40f08b615a25cda86b338fd5fc758016@tracker.bro-ids.org> Message-ID: <063.f644290490f837214404f7872c3547d4@tracker.bro-ids.org> #739: topic/jsiwek/local-table-init ----------------------------+------------------------ Reporter: jsiwek | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [7a8c9b1c6915b8e595927b2909a16e9913b57e64/bro]: {{{ #!CommitTicketReference repository="bro" revision="7a8c9b1c6915b8e595927b2909a16e9913b57e64" Merge remote-tracking branch 'origin/topic/jsiwek/local-table-init' * origin/topic/jsiwek/local-table-init: Allow local table variables to be initialized with {} list expressions. Closes #739. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:36:39 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:36:39 -0000 Subject: [Bro-Dev] #684: Change to_port BiF to take a string as argument In-Reply-To: <050.b20757078e176ef09b16f1693c6f73e6@tracker.bro-ids.org> References: <050.b20757078e176ef09b16f1693c6f73e6@tracker.bro-ids.org> Message-ID: <065.dcf3c9d9505834e77b908a6f70e59669@tracker.bro-ids.org> #684: Change to_port BiF to take a string as argument ----------------------------+------------------------ Reporter: matthias | Owner: matthias Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: accepted => closed * resolution: => fixed Comment: In [b649ade9bad0cd3d63182317ea89ef02a626816f/bro]: {{{ #!CommitTicketReference repository="bro" revision="b649ade9bad0cd3d63182317ea89ef02a626816f" Merge remote-tracking branch 'origin/topic/bif_cleanup' * origin/topic/bif_cleanup: Give mode2string a more generic name. Change some BiF return values from bool to any. Perform type checking on count-to-port conversion. Remove redundant connection_record() BiF. Remove redundant active_connection() BiF. Make exit() parameterizable. to_port() now parses a string instead of a count. Closes #684. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:36:39 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:36:39 -0000 Subject: [Bro-Dev] #756: notice_policy.log keeps causing test failures In-Reply-To: <047.bac7534465dcb1b2a632464464adcb12@tracker.bro-ids.org> References: <047.bac7534465dcb1b2a632464464adcb12@tracker.bro-ids.org> Message-ID: <062.0f8ec858d46ed51b61d52cef5c229b1b@tracker.bro-ids.org> #756: notice_policy.log keeps causing test failures ----------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by robin): In [d6767e1d839e9c71fdd3f3608150eadadfb4c736/bro]: {{{ #!CommitTicketReference repository="bro" revision="d6767e1d839e9c71fdd3f3608150eadadfb4c736" Disabling brofiling because of problem. See #756. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Jan 25 18:37:33 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 02:37:33 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.6dc9e22c42346fa67f763dce9657c560@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Comment (by robin): Merged, but I've disabled brofiling in btest.cfg as I'm getting errors: the initial unit tests work fine, but at some point everything starts failing suddenly with errors like this: {{{ scripts.base.frameworks.logging.ascii-empty ... failed % 'bro -b /da/home/robin/bro/master/testing/btest/.tmp/scripts.base.frameworks.logging .ascii-empty/ascii-empty.bro' failed % cat .stderr terminate called after throwing an instance of 'std::logic_error' what(): basic_string::_S_construct null not valid }}} I'm guessing this might be a problem with the coverage file at some point getting into bad shape. Can you try current master and see if you get that as well? I don't think I changed anything relevant. I renamed BROFILER_FILE to BRO_PROFILER_FILE for consistency with other env variables though. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Jan 26 00:00:01 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 26 Jan 2012 00:00:01 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201260800.q0Q801fl002245@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 752 [1] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [2] pysubnettree | 750 [3] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #752: http://tracker.bro-ids.org/bro/ticket/752 [2] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [3] #750: http://tracker.bro-ids.org/bro/ticket/750 From bro at tracker.bro-ids.org Thu Jan 26 07:43:38 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 15:43:38 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.c0356f570114f6f3ebdc128d56126626@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Comment (by jsiwek): > I don't think I changed anything relevant. I renamed BROFILER_FILE to BRO_PROFILER_FILE for consistency with other env variables though. Looks like a few places didn't get adapted to the new name: {{{ $ grep -R BROFILER_FILE . ./testing/btest/coverage/coverage-blacklist.bro:# @TEST-EXEC: BROFILER_FILE=coverage bro -b %INPUT ./testing/external/bro-testing/btest.cfg:BROFILER_FILE=%(testbase)s/.tmp /script-coverage ./testing/external/subdir-btest.cfg:BROFILER_FILE=%(testbase)s/.tmp /script-coverage ./testing/scripts/btest-bg-run:BROFILER_FILE=`mktemp -t script-coverage` $BTEST_PATH/btest-bg-run $@ }}} The last one is the reason for the errors -- the tests involving communication go through that wrapper script so that each Bro process gets a unique coverage file to write to, otherwise they may write simultaneously to the same file. Want to try again after fixing those? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 26 07:56:42 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 15:56:42 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.e4086b001572ef14f8a0a32cdf2362ac@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Comment (by robin): On Thu, Jan 26, 2012 at 15:43 -0000, you wrote: > Looks like a few places didn't get adapted to the new name: Ok, will try again (and should have just done the grep!) Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 26 10:40:13 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 18:40:13 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.b6f6b5c15981fdc95ff3b6cdd38c0f07@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by jswaro): If you can provide traces, I'd be interested in assisting in fixing this problem. I have a problem similar to this that I am working on, which I imagine a solution to one would solve the other if I'm not mistaken. On Wed, Jan 18, 2012 at 4:33 PM, Bro Tracker wrote: > #730: Find and fix tcp sequence counting bugs > ----------------------+-------------------- > Reporter: seth | Owner: > Type: Problem | Status: new > Priority: High | Milestone: Bro2.1 > Component: Bro | Version: > Resolution: | Keywords: > ----------------------+-------------------- > Changes (by seth): > > * priority: Normal => High > > > Comment: > > I'll try and get some tracefiles posted here soon that exhibit the > problem. > > -- > Ticket URL: > Bro Tracker > Bro Issue Tracker > > _______________________________________________ > bro-dev mailing list > bro-dev at bro-ids.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 26 13:18:00 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 26 Jan 2012 21:18:00 -0000 Subject: [Bro-Dev] #730: Find and fix tcp sequence counting bugs In-Reply-To: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> References: <046.dcc46d96df7639fb8de3a135dbe7e0cc@tracker.bro-ids.org> Message-ID: <061.b44c96fa8283eec1f87a5ac50ed2257e@tracker.bro-ids.org> #730: Find and fix tcp sequence counting bugs ----------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------+-------------------- Comment (by seth): I attached a trace file that exhibits the problem. There is some intermediate box that is sending RST packets in this case causing the large byte count. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Jan 26 21:19:28 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 05:19:28 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.2f22ef7f7ee877979e083a127899ea48@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Comment (by robin): Fixes committed, but still getting two test failures: {{{ coverage.bare-mode-errors ... failed % 'btest-diff unique_errors' failed unexpectedly (exit code 1) % cat .diag == File =============================== error: Failed to open BRO_PROFILER_FILE destination '' for writing == Diff =============================== --- /tmp/test-diff.25104.unique_errors.baseline.tmp 2012-01-27 04:46:01.120424720 +0000 +++ /tmp/test-diff.25104.unique_errors.tmp 2012-01-27 04:46:01.140425480 +0000 @@ -0,0 +1,2 @@ + +error: Failed to open BRO_PROFILER_FILE destination '' for writing ======================================= % cat .stderr <<< [24919] bro -b /da/home/robin/bro/master/testing/btest/../../scripts/policy/frameworks/control/controllee.bro received termination signal error: Failed to open BRO_PROFILER_FILE destination '' for writing >>> }}} I am still missing something? -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Jan 27 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 27 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201270800.q0R8020G012183@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 752 [1] | jsiwek | jsiwek | Normal | topic/jsiwek/brofiler [2] pysubnettree | 750 [3] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #752: http://tracker.bro-ids.org/bro/ticket/752 [2] brofiler: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/jsiwek/brofiler [3] #750: http://tracker.bro-ids.org/bro/ticket/750 From bro at tracker.bro-ids.org Fri Jan 27 09:02:11 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 17:02:11 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.8844b21754ba3946a1dc8eedf8bbda76@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: jsiwek Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Comment (by jsiwek): In [0065cf6148ab76ae9dceebba4dcdbe7e9b556e07/bro]: {{{ #!CommitTicketReference repository="bro" revision="0065cf6148ab76ae9dceebba4dcdbe7e9b556e07" Fix mktemp portability issue affecting test coverage. (addresses #752) Also update Makefiles to behave better for brief targets and in absence of external test repos. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 09:07:19 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 17:07:19 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.24bb4c0064efc13228fd9558fd0f8d7b@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+---------------------- Reporter: jsiwek | Owner: robin Type: Merge Request | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: | Keywords: ----------------------------+---------------------- Changes (by jsiwek): * owner: jsiwek => robin Comment: > I am still missing something? Looked like `mktemp` portability issues. There's a fix and other minor Makefile tweaks in `topic/jsiwek/brofiler` in `bro`, `bro-testing`, and `bro-testing-private` repos for you to try out and merge. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 10:24:26 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 18:24:26 -0000 Subject: [Bro-Dev] #757: Change split* to return a string_vec rather string_array Message-ID: <050.83c02acf9ec40c94acd91866709045ac@tracker.bro-ids.org> #757: Change split* to return a string_vec rather string_array ----------------------+------------------------ Reporter: matthias | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/master Keywords: language | ----------------------+------------------------ Currently, ``split`` and friends return a ``string_array``, which is a ``table[count] of string``. However, these BiFs should return a ``string_vec`` or ``vector of string`` to allow for sequential iteration over the result. The problem with the current approach is not only that it is wrongly modeled (the associative container does not make sense), but also that iteration over the elements, which are obviously ordered, is neither deterministic nor sequential. Presumably this mismatch exists because vectors were not available when the ``split*`` functions were created. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 10:33:23 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 18:33:23 -0000 Subject: [Bro-Dev] #758: New function split_esc Message-ID: <050.39c71b714c62e609d8bb157038f70f3f@tracker.bro-ids.org> #758: New function split_esc ---------------------------+------------------------ Reporter: matthias | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ In the topic branch `topic/matthias/split-escaped`, I added new functionality to split strings that may contain an escaped split expression. E.g., now it would be possible to split strings of the form {{{ a#b\#c#d }}} into `[a, b\#c, d]`. This would otherwise not be possible, because one cannot perform a lookahead with Bro's regular expressions. I implemented this function as a utility function at the scripting layer, rather than adding a new BiF. Ideally, we'd enhance `split_n` with this ability and then propagate the changes through the respective `split*` functions. But before this happens, it probably makes more sense to address #757 first. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 10:44:00 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 18:44:00 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.6abcc49447160fedabf048974f86e20e@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+-------------------- Reporter: jsiwek | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------------+-------------------- Changes (by robin): * status: assigned => closed * resolution: => fixed Comment: In [c607785cec2b548ea8084be2eea27812fa603725/bro]: {{{ #!CommitTicketReference repository="bro" revision="c607785cec2b548ea8084be2eea27812fa603725" Merge remote-tracking branch 'origin/topic/jsiwek/brofiler' * origin/topic/jsiwek/brofiler: Fix mktemp portability issue affecting test coverage. (addresses #752) Closes #752. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 10:45:11 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 18:45:11 -0000 Subject: [Bro-Dev] #752: topic/jsiwek/brofiler In-Reply-To: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> References: <048.a58854f956ee88332813e90948109563@tracker.bro-ids.org> Message-ID: <063.21dfd86a0acf06bc826a6ebf25392abd@tracker.bro-ids.org> #752: topic/jsiwek/brofiler ----------------------------+-------------------- Reporter: jsiwek | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: Resolution: fixed | Keywords: ----------------------------+-------------------- Comment (by robin): Works now, thanks. I like this! -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 10:47:29 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 18:47:29 -0000 Subject: [Bro-Dev] #759: Increase test coverage Message-ID: <047.80b3470f0ca6911e07abe4991010ff19@tracker.bro-ids.org> #759: Increase test coverage --------------------+------------------------ Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | --------------------+------------------------ Now that we have the Brofiler, we need to (1) Devise a hard criterion for our coverage goal. (2) Then add tests to get there ... The current idea is to go for 100% across btest and external, excluding code marked explicitly with @no-test. Further thoughts welcome, though. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 11:03:37 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 27 Jan 2012 19:03:37 -0000 Subject: [Bro-Dev] #760: Lift Server Alternative Name (SAN) field to scripting layer Message-ID: <050.4ffe419969135e0b86fba4a2e5f44f36@tracker.bro-ids.org> #760: Lift Server Alternative Name (SAN) field to scripting layer -----------------------------+------------------------ Reporter: matthias | Owner: seth Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | -----------------------------+------------------------ It would be nice to have the '''Subject Alternative Name (SAN)''' field of an X.509 certificate available at the scripting layer. It contains a list of domains that should be used in addition to the CN field of the subject to verify that a domain matches the certificate. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Jan 27 19:58:56 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 28 Jan 2012 03:58:56 -0000 Subject: [Bro-Dev] #761: 64bit types in binpac Message-ID: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org> #761: 64bit types in binpac ---------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ There are branches in binpac and bro repositories to add support for 64bit ints to binpac. (int64 and uint64) binpac: topic/seth/64bit-types bro: topic/seth/64bit-binpac-updates The only updates that were needed to Bro were to remove some state tracking code that I don't think would have worked very well anyway (for bittorrent). I'm planning on doing some rework on the bittorrent analyzer soon anyway so this shouldn't be a problem for long. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Jan 28 00:00:01 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 28 Jan 2012 00:00:01 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201280800.q0S801XA026929@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 761 [1] | seth | robin | Normal | 64bit types in binpac pysubnettree | 750 [2] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #761: http://tracker.bro-ids.org/bro/ticket/761 [2] #750: http://tracker.bro-ids.org/bro/ticket/750 From noreply at bro-ids.org Sun Jan 29 00:00:02 2012 
From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 29 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201290800.q0T802h3015461@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 761 [1] | seth | robin | Normal | 64bit types in binpac pysubnettree | 750 [2] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #761: http://tracker.bro-ids.org/bro/ticket/761 [2] #750: http://tracker.bro-ids.org/bro/ticket/750 From noreply at bro-ids.org Mon Jan 30 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 30 Jan 2012 00:00:02 -0800 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201201300800.q0U802ZL029196@bro-ids.icir.org> > Open Merge Requests for Bro2.1 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 761 [1] | seth | robin | Normal | 64bit types in binpac pysubnettree | 750 [2] | robin | robin | Normal | Patch adding IPv6 support for pysubnettree [1] #761: http://tracker.bro-ids.org/bro/ticket/761 [2] #750: http://tracker.bro-ids.org/bro/ticket/750 From bro at tracker.bro-ids.org Mon Jan 30 14:42:06 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 30 Jan 2012 22:42:06 -0000 Subject: [Bro-Dev] #761: 64bit types in binpac In-Reply-To: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org> References: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org> Message-ID: <061.c9b6062b788ff0ce5570c4109b65b949@tracker.bro-ids.org> #761: 64bit types in binpac ----------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by robin): I'm trusting that these are correct ... {{{ inline int64 pac_swap(int64 x) { return (x >> 56) | ((x & 0xff000000000000) >> 40) | ((x & 0xff0000000000) >> 24) | ((x & 0xff00000000) >> 8) | ((x & 0xff000000) << 8) | ((x & 0xff0000) << 24) | ((x & 0xff00) << 40) | ((x & 0xff) << 56); } inline uint64 pac_swap(uint64 x) { return (x >> 56) | ((x & 0xff000000000000) >> 40) | ((x & 0xff0000000000) >> 24) | ((x & 0xff00000000) >> 8) | ((x & 0xff000000) << 8) | ((x & 0xff0000) << 24) | ((x & 0xff00) << 40) | ((x & 0xff) << 56); } }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Jan 30 15:17:46 2012 
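One way to check the two byte-swap overloads quoted in the comment above, as an added example that is not part of the original message or of binpac. It compares each overload against a byte-reversal reference and shows that the signed overload sign-extends `x >> 56` for negative inputs on compilers that shift negative values arithmetically (GCC and Clang do); the function names, the test vectors and the use of `uint64_t`/`int64_t` in place of binpac's typedefs are assumptions of this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Unsigned overload as quoted in the ticket (uint64_t stands in for binpac's uint64).
inline uint64_t swap_u64(uint64_t x)
{
    return (x >> 56) | ((x & 0xff000000000000) >> 40) |
           ((x & 0xff0000000000) >> 24) | ((x & 0xff00000000) >> 8) |
           ((x & 0xff000000) << 8) | ((x & 0xff0000) << 24) |
           ((x & 0xff00) << 40) | ((x & 0xff) << 56);
}

// Signed overload as quoted in the ticket (int64_t stands in for binpac's int64).
// For negative x, an arithmetic right shift fills the upper 56 bits with ones.
inline int64_t swap_i64_posted(int64_t x)
{
    return (x >> 56) | ((x & 0xff000000000000) >> 40) |
           ((x & 0xff0000000000) >> 24) | ((x & 0xff00000000) >> 8) |
           ((x & 0xff000000) << 8) | ((x & 0xff0000) << 24) |
           ((x & 0xff00) << 40) | ((x & 0xff) << 56);
}

// Bit-exact conversions between the signed and unsigned representations.
inline uint64_t bits_of(int64_t v) { uint64_t u; std::memcpy(&u, &v, sizeof u); return u; }
inline int64_t signed_of(uint64_t u) { int64_t v; std::memcpy(&v, &u, sizeof v); return v; }

// Hypothetical corrected signed variant: do all shifting on the unsigned bit pattern.
inline int64_t swap_i64_fixed(int64_t x) { return signed_of(swap_u64(bits_of(x))); }

// Reference that does not depend on shift semantics: reverse the bytes in memory.
inline uint64_t swap_reference(uint64_t x)
{
    unsigned char b[sizeof x];
    std::memcpy(b, &x, sizeof x);
    std::reverse(b, b + sizeof x);
    std::memcpy(&x, b, sizeof x);
    return x;
}

// Constructed test vectors; the last two have the top bit set (negative as int64_t).
static const uint64_t kVectors[] = {
    0x0000000000000000ULL, 0x0000000000000001ULL, 0x0102030405060708ULL,
    0x7f00000000000011ULL, 0x8000000000000001ULL, 0xfffefdfcfbfaf901ULL,
};
static const int kNumVectors = sizeof kVectors / sizeof kVectors[0];

enum Variant { UNSIGNED_POSTED, SIGNED_POSTED, SIGNED_FIXED };

// Number of vectors for which the chosen variant disagrees with the reference.
int count_mismatches(Variant which)
{
    int bad = 0;
    for (int i = 0; i < kNumVectors; ++i) {
        uint64_t in = kVectors[i], got = 0;
        switch (which) {
        case UNSIGNED_POSTED: got = swap_u64(in); break;
        case SIGNED_POSTED:   got = bits_of(swap_i64_posted(signed_of(in))); break;
        case SIGNED_FIXED:    got = bits_of(swap_i64_fixed(signed_of(in))); break;
        }
        if (got != swap_reference(in))
            ++bad;
    }
    return bad;
}

int main()
{
    std::printf("unsigned, as posted: %d mismatches\n", count_mismatches(UNSIGNED_POSTED));
    std::printf("signed, as posted:   %d mismatches\n", count_mismatches(SIGNED_POSTED));
    std::printf("signed, via uint64:  %d mismatches\n", count_mismatches(SIGNED_FIXED));
    return 0;
}
```

A parser that byte-swaps a signed 64-bit field through the posted signed overload would decode every value with the high bit set in its first wire byte incorrectly, so the unsigned path is the one to reuse.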
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 30 Jan 2012 23:17:46 -0000 Subject: [Bro-Dev] #762: Add eof line to logfiles Message-ID: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> #762: Add eof line to logfiles ------------------------+----------------------------- Reporter: amannb | Type: Feature Request Status: new | Priority: Normal Milestone: | Component: Bro Version: git/master | Keywords: ------------------------+----------------------------- I think it would be good to have a way to tell if a logfile was successfully completely written to the disk and propose to add some kind of end-of-file information to the end of a file. The easiest way would be just to add an #EOF to the last line of each logfile. That line should be ignored by parsing software (because it is prefixed by a #). Scripts and other software running analyses on logfiles could be sure that they only read files that are no longer being written to. It also could be used to ensure that files that have been transferred from a remote location are complete. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Mon Jan 30 15:35:18 2012 
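How a log consumer could use the proposed marker, as an added example that is not part of the original ticket or of Bro's code: it treats a log as complete only when a line reading exactly `#EOF` is the last non-empty line, and skips every other `#` line as metadata. The marker spelling follows the proposal above; the function names and the sample log contents are constructed for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <istream>
#include <sstream>
#include <string>

struct LogStatus {
    std::size_t records;  // lines that do not start with '#' (may include a cut-off last row)
    bool complete;        // true only if "#EOF" is the last non-empty line
};

// Scan a tab-separated ASCII log and decide whether the writer finished it.
LogStatus inspect_log(std::istream& in)
{
    LogStatus st = {0, false};
    bool seen_marker = false;  // an "#EOF" line was read
    bool trailing = false;     // something non-empty followed the marker
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r')
            line.pop_back();   // tolerate CRLF after a transfer
        if (line.empty())
            continue;
        if (seen_marker) {
            // Data after the marker: still being appended to, or files were concatenated.
            trailing = true;
        } else if (line == "#EOF") {
            seen_marker = true;
            continue;
        }
        if (line[0] != '#')
            ++st.records;
    }
    st.complete = seen_marker && !trailing;
    return st;
}

// Convenience wrapper for in-memory text.
LogStatus inspect_text(const std::string& text)
{
    std::istringstream in(text);
    return inspect_log(in);
}

// Constructed sample logs (not real Bro output).
const std::string kHeader =
    "#separator \\x09\n#path\tconn\n#fields\tts\tuid\tid.orig_h\n";
const std::string kRows =
    "1327965466.1\tCxY1\t10.0.0.1\n1327965467.2\tCxY2\t10.0.0.2\n";
const std::string kComplete = kHeader + kRows + "#EOF\n";
// Transfer cut off in the middle of the second row, so no marker was received.
const std::string kTruncated = kHeader + kRows.substr(0, kRows.size() - 9);
// Marker itself cut short.
const std::string kCutMarker = kHeader + kRows + "#EO";
// A row written after the marker.
const std::string kAppended = kComplete + "1327965468.3\tCxY3\t10.0.0.3\n";

int main()
{
    const std::string* samples[] = {&kComplete, &kTruncated, &kCutMarker, &kAppended};
    const char* names[] = {"complete", "truncated", "cut marker", "appended"};
    for (int i = 0; i < 4; ++i) {
        LogStatus st = inspect_text(*samples[i]);
        std::printf("%-10s records=%lu complete=%s\n", names[i],
                    static_cast<unsigned long>(st.records), st.complete ? "yes" : "no");
    }
    return 0;
}
```

The marker only signals that the writer finished; it does not protect the file's contents against modification.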
From: robin at icir.org (Robin Sommer) Date: Mon, 30 Jan 2012 15:35:18 -0800 Subject: [Bro-Dev] Deleting branches Message-ID: <20120130233518.GF29720@icir.org> I found (and somewhat adapted) a script that can delete all topic/ branches that have been fully merged into master, and I'm planning to run that from time to time so that we don't end up with tons of dead branches. [1] For the first run, however, I'd like to double-check that it would be doing the right thing. Below is the list of deletes, please shout if there's any branch in there that you do *not* want to be deleted. Robin [1] We could create a naming convention for branches that should stay around even if fully merged if you guys think that makes sense. %%%%%% bro git push origin :topic/appleman/unittests git push origin :topic/bif_cleanup git push origin :topic/dist-cleanup git push origin :topic/gilbert/ascii-header git push origin :topic/gilbert/rand-pool git push origin :topic/jsiwek/ascii-log-rotate-fix git push origin :topic/jsiwek/bro-log-suffix git push origin :topic/jsiwek/brofiler git push origin :topic/jsiwek/broxygen-cleanup git push origin :topic/jsiwek/comphash-func-determinism2 git push origin :topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/complex-record-indices git push origin :topic/jsiwek/custom-b64-alphabet git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/doc-framework git push origin :topic/jsiwek/dynamic-example-install git push origin :topic/jsiwek/filter-rotation git push origin :topic/jsiwek/findpcap_pfring git push origin :topic/jsiwek/fix-dns-double-free git push origin :topic/jsiwek/http-1xx-replies git push origin :topic/jsiwek/http-multipart-byteranges git push origin :topic/jsiwek/index-opt-record git push origin :topic/jsiwek/irc-orig git push origin :topic/jsiwek/leak-fixes git push origin :topic/jsiwek/local-node-order git push origin :topic/jsiwek/local-table-init git push origin :topic/jsiwek/mask_addr_rval git push origin 
:topic/jsiwek/misc-doc-fixes git push origin :topic/jsiwek/nested-record-coerce-fix git push origin :topic/jsiwek/openbsd-support git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/jsiwek/path-func-record-demote git push origin :topic/jsiwek/pybroccoli-fixes git push origin :topic/jsiwek/pybroccoli-float-repr git push origin :topic/jsiwek/raw_output git push origin :topic/jsiwek/record-coerce-default git push origin :topic/jsiwek/remote-log-peer git push origin :topic/jsiwek/remove-refined-type git push origin :topic/jsiwek/reporter-fatal-bif git push origin :topic/jsiwek/require-libmagic-libz git push origin :topic/jsiwek/ruby git push origin :topic/jsiwek/sftp-pp git push origin :topic/jsiwek/snaplen git push origin :topic/jsiwek/update-restdoc-target git push origin :topic/logging-framework git push origin :topic/policy-scripts-new git push origin :topic/robin/broccoli-connrec git push origin :topic/robin/cleanup-active-mapping git push origin :topic/robin/cleanup-dfa-cache git push origin :topic/robin/comm-ssl git push origin :topic/robin/conn-ids git push origin :topic/robin/extend-records git push origin :topic/robin/interpreter-exceptions git push origin :topic/robin/logging-fix git push origin :topic/robin/optional-fields git push origin :topic/robin/record-table-default git push origin :topic/robin/reporting git push origin :topic/robin/rotation-pp git push origin :topic/robin/work git push origin :topic/script-load-changes git push origin :topic/script-reference git push origin :topic/seth/64bit-binpac-updates git push origin :topic/seth/dns-updates git push origin :topic/seth/notice-email-delay git push origin :topic/seth/notice-suppression git push origin :topic/seth/ssh-script-fix git push origin :topic/seth/ssl-binpac git push origin :topic/seth/ssl-improvements git push origin :topic/seth/ssl-updates-for-2.0 git push origin :topic/seth/syslog-analyzer git push origin :topic/seth/weird-updates %%%%%% 
/home/robin/bro/master/aux/binpac git push origin :topic/dist-cleanup git push origin :topic/jsiwek/CMake-IDE-tweaks git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/robin/cleanup git push origin :topic/seth/64bit-type %%%%%% /home/robin/bro/master/aux/binpac/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/bro-aux git push origin :topic/dist-cleanup git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/findpcap_pfring git push origin :topic/jsiwek/openbsd-support git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/mozilla-ca-list git push origin :topic/robin/bro-cut git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/bro-aux/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broccoli git push origin :topic/broccoli-manual-rest git push origin :topic/christian/broccoli-connrec git push origin :topic/dist-cleanup git push origin :topic/jsiwek/64bit-val-fix git push origin :topic/jsiwek/CMake-IDE-tweaks git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/dynamic-example-install git push origin :topic/jsiwek/findpcap_pfring git push origin :topic/jsiwek/istate-tests-update git push origin :topic/jsiwek/openbsd-support git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/jsiwek/remove-refined-type git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/broccoli/bindings/broccoli-python git push origin :topic/dist-cleanup git push origin :topic/jsiwek/cmake-rpath git push origin 
:topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/istate-tests-update git push origin :topic/jsiwek/pybroccoli-fixes git push origin :topic/jsiwek/pybroccoli-float-repr git push origin :topic/remove-tabs git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/broccoli/bindings/broccoli-python/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broccoli/bindings/broccoli-ruby git push origin :topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/opt-ruby-bindings %%%%%% /home/robin/bro/master/aux/broccoli/bindings/broccoli-ruby/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broccoli/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broctl git push origin :topic/dist-cleanup git push origin :topic/jsiwek/abs-interp-path git push origin :topic/jsiwek/broctl-cluster-fixes git push origin :topic/jsiwek/broctl-tweaks git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/dynamic-example-install git push origin :topic/jsiwek/local-node-order git push origin :topic/jsiwek/openbsd-support git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/jsiwek/pfring-configure-check git push origin :topic/jsiwek/ticket658 git push origin :topic/policy-scripts-new git push origin :topic/robin/plugins %%%%%% /home/robin/bro/master/aux/broctl/aux/capstats git push origin :topic/dist-cleanup git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/findpcap_pfring git push origin :topic/jsiwek/parallel-make-recursion git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/broctl/aux/capstats/cmake git push origin 
:topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broctl/aux/pysubnettree git push origin :topic/dist-cleanup git push origin :topic/jsiwek/cmake-rpath git push origin :topic/jsiwek/compiler-warnings git push origin :topic/jsiwek/debug-flags git push origin :topic/jsiwek/find-pythondev git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/broctl/aux/pysubnettree/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broctl/aux/trace-summary git push origin :topic/dist-cleanup git push origin :topic/jsiwek/cmake-rpath git push origin :topic/robin/cleanup %%%%%% /home/robin/bro/master/aux/broctl/aux/trace-summary/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/broctl/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support %%%%%% /home/robin/bro/master/aux/btest git push origin :topic/dist-cleanup git push origin :topic/jsiwek/brofiler %%%%%% /home/robin/bro/master/cmake git push origin :topic/jsiwek/find-pythondev git push origin :topic/jsiwek/openbsd-support From bro at tracker.bro-ids.org Mon Jan 30 15:39:11 2012 
From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 30 Jan 2012 23:39:11 -0000 Subject: [Bro-Dev] #761: 64bit types in binpac In-Reply-To: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org> References: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org> Message-ID: <061.468090f5522fb9b2025a496b7e7d90eb@tracker.bro-ids.org> #761: 64bit types in binpac ----------------------+------------------------ Reporter: seth | Owner: seth Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.1 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Changes (by robin): * owner: robin => seth * status: new => assigned * type: Merge Request => Problem Comment: This doesn't compile for me on a 64-bit Linux: {{{ [ 15%] Building CXX object src/CMakeFiles/bro.dir/ssl_pac.cc.o /home/robin/bro/master/build/src/ssl_pac.cc: In member function ‘bool binpac::SSL::SSL_Conn::proc_certificate(binpac::SSL::SSLRecord*, std::vector >*)’: /home/robin/bro/master/build/src/ssl_pac.cc:312:78: error: call of overloaded ‘Val(binpac::uint64, TypeTag)’ is ambiguous /home/robin/bro/master/build/src/ssl_pac.cc:312:78: note: candidates are: /home/robin/bro/master/src/Val.h:352:2: note: Val::Val(BroString*, TypeTag) /home/robin/bro/master/src/Val.h:352:2: note: no known conversion for argument 1 from ‘binpac::uint64 {aka long long unsigned int}’ to ‘BroString*’ /home/robin/bro/master/src/Val.h:144:2: note: Val::Val(BroType*, bool) /home/robin/bro/master/src/Val.h:144:2: note: no known conversion for argument 1 from ‘binpac::uint64 {aka long long unsigned int}’ to ‘BroType*’ 
/home/robin/bro/master/src/Val.h:128:2: note: Val::Val(double, TypeTag) /home/robin/bro/master/src/Val.h:118:2: note: Val::Val(uint64, TypeTag) /home/robin/bro/master/src/Val.h:108:2: note: Val::Val(int64, TypeTag) /home/robin/bro/master/src/Val.h:98:2: note: Val::Val(uint32, TypeTag) /home/robin/bro/master/src/Val.h:88:2: note: Val::Val(int32, TypeTag) /home/robin/bro/master/src/Val.h:78:2: note: Val::Val(bool, TypeTag) make[3]: *** [src/CMakeFiles/bro.dir/ssl_pac.cc.o] Error 1 make[3]: Leaving directory `/da/home/robin/bro/master/build' make[2]: *** [src/CMakeFiles/bro.dir/all] Error 2 make[2]: Leaving directory `/da/home/robin/bro/master/build' make[1]: *** [all] Error 2 make[1]: Leaving directory `/da/home/robin/bro/master/build' make: *** [all] Error 2 }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Jan 30 15:41:04 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 30 Jan 2012 23:41:04 -0000 Subject: [Bro-Dev] #762: Add eof line to logfiles In-Reply-To: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> References: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> Message-ID: <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> #762: Add eof line to logfiles ------------------------------+------------------------ Reporter: amannb | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by robin): On Mon, Jan 30, 2012 at 23:17 -0000, you wrote: > #EOF That makes sense I think. Robin -- Ticket URL: Bro Tracker Bro Issue Tracker From gc355804 at ohio.edu Mon Jan 30 17:13:29 2012 
From: gc355804 at ohio.edu (G. Clark) Date: Mon, 30 Jan 2012 20:13:29 -0500 Subject: [Bro-Dev] #762: Add eof line to logfiles In-Reply-To: <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> References: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> Message-ID: <4F274039.3090905@ohio.edu> AFAIK, RFC 4180 doesn't specify comments as part of standard CSV format. Thus, I believe it's important to ensure that an option to disable this behavior makes it into the code. --Gilbert On 1/30/12 6:41 PM, Bro Tracker wrote: > #762: Add eof line to logfiles > ------------------------------+------------------------ > Reporter: amannb | Owner: > Type: Feature Request | Status: new > Priority: Normal | Milestone: > Component: Bro | Version: git/master > Resolution: | Keywords: > ------------------------------+------------------------ > > Comment (by robin): > > On Mon, Jan 30, 2012 at 23:17 -0000, you wrote: > > > #EOF > > That makes sense I think. > > Robin > From bernhard at ICSI.Berkeley.EDU Mon Jan 30 17:22:11 2012 
From: bernhard at ICSI.Berkeley.EDU (Bernhard Amann) Date: Mon, 30 Jan 2012 17:22:11 -0800 Subject: [Bro-Dev] #762: Add eof line to logfiles In-Reply-To: <4F274039.3090905@ohio.edu> References: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> <4F274039.3090905@ohio.edu> Message-ID: It would not be CSV compatible, that is true... but Bro already uses the same format for its header lines (which also are not RFC 4180 conformant unless I am very much mistaken). Can those be switched off by a configuration option? If yes one could use the same one for the footer line... On Jan 30, 2012, at 5:13 PM, G. Clark wrote: > AFAIK, RFC 4180 doesn't specify comments as part of standard CSV format. Thus, I believe it's important to ensure that an option to disable this behavior makes it into the code. > > --Gilbert > > On 1/30/12 6:41 PM, Bro Tracker wrote: >> #762: Add eof line to logfiles >> ------------------------------+------------------------ >> Reporter: amannb | Owner: >> Type: Feature Request | Status: new >> Priority: Normal | Milestone: >> Component: Bro | Version: git/master >> Resolution: | Keywords: >> ------------------------------+------------------------ >> >> Comment (by robin): >> >> On Mon, Jan 30, 2012 at 23:17 -0000, you wrote: >> >> > #EOF >> >> That makes sense I think. >> >> Robin >> > > > _______________________________________________ > bro-dev mailing list > bro-dev at bro-ids.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev From gc355804 at ohio.edu Mon Jan 30 17:27:47 2012 
From: gc355804 at ohio.edu (G. Clark)
Date: Mon, 30 Jan 2012 20:27:47 -0500
Subject: [Bro-Dev] #762: Add eof line to logfiles
In-Reply-To:
References: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> <4F274039.3090905@ohio.edu>
Message-ID: <4F274393.7060800@ohio.edu>

Nope, the headers aren't RFC spec, either. IIRC, the option to disable these headers is (from scripts/base/frameworks/logging/writers/ascii.bro):

    ## If true, include a header line with column names and description
    ## of the other ASCII logging options that were used.
    const include_header = T &redef;

Thus, `include_footer` seems like it'd be sane to me.

--Gilbert

On 1/30/12 8:22 PM, Bernhard Amann wrote:
> It would not be CSV compatible, that is true, but Bro already uses the same format for its header lines (which also are not RFC 4180 conformant unless I am very much mistaken).
>
> Can those be switched off by a configuration option? If yes one could use the same one for the footer line...
>
> On Jan 30, 2012, at 5:13 PM, G. Clark wrote:
>
>> AFAIK, RFC 4180 doesn't specify comments as part of standard CSV format. Thus, I believe it's important to ensure that an option to disable this behavior makes it into the code.
>>
>> --Gilbert
>>
>> On 1/30/12 6:41 PM, Bro Tracker wrote:
>>> #762: Add eof line to logfiles
>>> ------------------------------+------------------------
>>>   Reporter:  amannb           |      Owner:
>>>       Type:  Feature Request  |     Status:  new
>>>   Priority:  Normal           |  Milestone:
>>>  Component:  Bro              |    Version:  git/master
>>> Resolution:                   |   Keywords:
>>> ------------------------------+------------------------
>>>
>>> Comment (by robin):
>>>
>>> On Mon, Jan 30, 2012 at 23:17 -0000, you wrote:
>>>
>>> > #EOF
>>>
>>> That makes sense I think.
>>>
>>> Robin
>>>
>>
>>
>> _______________________________________________
>> bro-dev mailing list
>> bro-dev at bro-ids.org
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6010 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20120130/a4b85872/attachment.bin

From robin at icir.org Mon Jan 30 21:20:04 2012
From: robin at icir.org (Robin Sommer)
Date: Mon, 30 Jan 2012 21:20:04 -0800
Subject: [Bro-Dev] #762: Add eof line to logfiles
In-Reply-To: <4F274393.7060800@ohio.edu>
References: <048.b69152fe8b8e0e80e5715b13977d82cb@tracker.bro-ids.org> <063.f13939bd6163381d167fa2a88bab5ca2@tracker.bro-ids.org> <4F274039.3090905@ohio.edu> <4F274393.7060800@ohio.edu>
Message-ID: <20120131052004.GG38563@icir.org>

On Mon, Jan 30, 2012 at 20:27 -0500, you wrote:

> Thus, `include_footer` seems like it'd be sane to me.

Or just rename into a single one like "include_format"

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From bro at tracker.bro-ids.org Mon Jan 30 22:14:19 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 31 Jan 2012 06:14:19 -0000
Subject: [Bro-Dev] #763: Escape # when first character in log file line
Message-ID: <048.3bfb7266147705e69563ae3f5f7bab89@tracker.bro-ids.org>

#763: Escape # when first character in log file line
------------------------+---------------------
 Reporter:  amannb      |       Type:  Problem
   Status:  new         |   Priority:  Normal
Milestone:              |  Component:  Bro
  Version:  git/master  |   Keywords:
------------------------+---------------------
Bro should probably escape the # character, when it is the first that appears in a line and when the header fields are used.

Example output:
{{{
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#fields status
#types string
#test
}}}

Script to generate output is attached.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From noreply at bro-ids.org Tue Jan 31 00:00:01 2012
From: noreply at bro-ids.org (Merge Tracker)
Date: Tue, 31 Jan 2012 00:00:01 -0800
Subject: [Bro-Dev] [Auto] Merge Status
Message-ID: <201201310800.q0V801nr029038@bro-ids.icir.org>

> Open Merge Requests for Bro2.1
> ==============================

Component    | Id      | Reporter | Owner | Prio   | Summary
------------------------------------------------------------------------------------------------------------------
pysubnettree | 750 [1] | robin    | robin | Normal | Patch adding IPv6 support for pysubnettree

> Unmerged Fastpath Commits
> =========================

Component | Revision | Committer     | Date       | Summary
------------------------------------------------------------------------------------------------------------------
bro       | 4a6a9fe  | Daniel Thayer | 2012-01-30 | Fix sorting of lines in Brofiler coverage.log [2]

[1] #750: http://tracker.bro-ids.org/bro/ticket/750
[2] fastpath: http://tracker.bro-ids.org/bro/changeset/4a6a9fe9f274b32250e2507e2b03f31057dc1e9f/bro

From bro at tracker.bro-ids.org Tue Jan 31 08:16:12 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 31 Jan 2012 16:16:12 -0000
Subject: [Bro-Dev] #763: Escape # when first character in log file line
In-Reply-To: <048.3bfb7266147705e69563ae3f5f7bab89@tracker.bro-ids.org>
References: <048.3bfb7266147705e69563ae3f5f7bab89@tracker.bro-ids.org>
Message-ID: <063.8f161cf6f1e984f730823150249d5c4b@tracker.bro-ids.org>

#763: Escape # when first character in log file line
----------------------+------------------------
  Reporter:  amannb   |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro2.1
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:
----------------------+------------------------
Changes (by robin):

 * milestone:   => Bro2.1

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 31 11:39:45 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 31 Jan 2012 19:39:45 -0000
Subject: [Bro-Dev] #761: 64bit types in binpac
In-Reply-To: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org>
References: <046.f2a3f50e7112af8700c18859d13a283d@tracker.bro-ids.org>
Message-ID: <061.b18e5869689eaf6b9e9fe501fcfee9d1@tracker.bro-ids.org>

#761: 64bit types in binpac
----------------------+------------------------
  Reporter:  seth     |      Owner:  seth
      Type:  Problem  |     Status:  assigned
  Priority:  Normal   |  Milestone:  Bro2.1
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:
----------------------+------------------------

Comment (by gregor):

 IMHO these constants need to be long long constants (or whatever 64 bit is on the target architecture), i.e., 0xff000000000000ll

 Should just figure out a way to make that work properly on all platforms.

--
Ticket URL: Bro Tracker Bro Issue Tracker

From bro at tracker.bro-ids.org Tue Jan 31 11:50:44 2012
From: bro at tracker.bro-ids.org (Bro Tracker)
Date: Tue, 31 Jan 2012 19:50:44 -0000
Subject: [Bro-Dev] #764: Change software framework interface
Message-ID: <048.fb7e2a77a0625ef0ffbe9e3ccb92f857@tracker.bro-ids.org>

#764: Change software framework interface
------------------------+---------------------------
 Reporter:  amannb      |       Type:  Merge Request
   Status:  new         |   Priority:  Normal
Milestone:  Bro2.1      |  Component:  Bro
  Version:  git/master  |   Keywords:
------------------------+---------------------------
topic/bernhard/software contains a patch that makes the interface to the software framework more flexible and easy to understand and adds support for ports for server software.

Before:
{{{
local flash_version = Software::parse(value, c$id$orig_h, BROWSER_PLUGIN);
Software::found(c$id, flash_version);
}}}

Now:
{{{
Software::found(c$id, [$unparsed_version=value, $host=c$id$orig_h, $software_type=BROWSER_PLUGIN]);
}}}

--
Ticket URL: Bro Tracker Bro Issue Tracker
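
Ticket #763 together with the `#EOF` footer proposed in #762, as an added example (not Bro's code and not part of any message above): a writer and a `#`-aware reader for the header format shown in the ticket, run with and without escaping the first character of a data line. The `\x23`/`\x5c` hex escaping, the tab after each header key, the function names and the sample rows are assumptions made for the illustration.

```python
SEP = "\t"  # matches the "#separator \x09" header line in the ticket

def escape_line(line):
    """Hex-escape a leading '#' or '\\' so a data line never looks like metadata."""
    if line[:1] in ("#", "\\"):
        return "\\x%02x" % ord(line[0]) + line[1:]
    return line

def unescape_line(line):
    """Inverse of escape_line (only the first character is ever escaped)."""
    for ch in ("#", "\\"):
        prefix = "\\x%02x" % ord(ch)
        if line.startswith(prefix):
            return ch + line[len(prefix):]
    return line

def write_log(path, fields, types, rows, escape):
    """Emit header, data rows, and the '#EOF' footer proposed in #762."""
    out = ["#separator \\x09", "#set_separator" + SEP + ",",
           "#empty_field" + SEP + "(empty)", "#unset_field" + SEP + "-",
           "#path" + SEP + path, "#fields" + SEP + SEP.join(fields),
           "#types" + SEP + SEP.join(types)]
    for row in rows:
        line = SEP.join(row)
        out.append(escape_line(line) if escape else line)
    return "\n".join(out + ["#EOF"]) + "\n"

def read_log(text, escaped):
    """Return (metadata keys, data rows, saw_footer) as a '#'-aware reader sees them."""
    meta, rows = [], []
    for line in text.splitlines():
        if line == "#EOF":
            return meta, rows, True              # reader stops at the footer
        if line.startswith("#"):
            meta += line[1:].split(None, 1)[:1]  # e.g. "fields", "types"
            continue
        rows.append((unescape_line(line) if escaped else line).split(SEP))
    return meta, rows, False                     # truncated log: no footer seen

# Constructed sample values; "#test" is the value from the ticket's example output.
ROWS = [["ok"], ["#test"], ["#EOF"], ["after"], ["\\x23literal"]]

if __name__ == "__main__":
    for escape in (False, True):
        text = write_log("test", ["status"], ["string"], ROWS, escape)
        meta, rows, done = read_log(text, escaped=escape)
        print("escape=%s rows=%r extra_meta=%r" % (escape, rows, meta[7:]))
```

Without escaping, the reader reports a complete log containing one row: `#test` is absorbed as metadata and the logged value `#EOF` is taken for the footer, so the rows after it are silently dropped.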