From noreply at bro-ids.org Sat Sep 1 00:00:04 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 1 Sep 2012 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209010700.q81704Rp003848@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 861 [1] | hui | | Normal | Merging DNP3 Analyzer Bro | 870 [2] | robin | | Normal | Merge Modbus analyzer [1] #861: http://tracker.bro-ids.org/bro/ticket/861 [2] #870: http://tracker.bro-ids.org/bro/ticket/870 From noreply at bro-ids.org Sun Sep 2 00:00:11 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 2 Sep 2012 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209020700.q8270BK6016147@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 861 [1] | hui | | Normal | Merging DNP3 Analyzer Bro | 870 [2] | robin | | Normal | Merge Modbus analyzer [1] #861: http://tracker.bro-ids.org/bro/ticket/861 [2] #870: http://tracker.bro-ids.org/bro/ticket/870 From noreply at bro-ids.org Mon Sep 3 00:00:29 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 3 Sep 2012 00:00:29 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209030700.q8370TgG024361@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 861 [1] | hui | | Normal | Merging DNP3 Analyzer Bro | 870 [2] | robin | | Normal | Merge Modbus analyzer [1] #861: http://tracker.bro-ids.org/bro/ticket/861 [2] #870: http://tracker.bro-ids.org/bro/ticket/870 From bro at tracker.bro-ids.org Mon Sep 3 11:29:23 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 03 Sep 2012 18:29:23 -0000 Subject: [Bro-Dev] #861: Merging DNP3 Analyzer In-Reply-To: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> References: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> Message-ID: <060.5bd91d5e6567c5f5f712996e0f271b38@tracker.bro-ids.org> #861: Merging DNP3 Analyzer ---------------------+------------------------ Reporter: hui | Owner: robin Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: dnp3 ---------------------+------------------------ Changes (by robin): * cc: hlin33@? (added) * owner: => robin * status: new => assigned * type: Merge Request => Task -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 3 11:29:56 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 03 Sep 2012 18:29:56 -0000 Subject: [Bro-Dev] #870: Merge Modbus analyzer In-Reply-To: <047.8a1df8bdf67712135b5746491e183bd3@tracker.bro-ids.org> References: <047.8a1df8bdf67712135b5746491e183bd3@tracker.bro-ids.org> Message-ID: <062.64cde217c13fe93d8f6ae42fa4ebf050@tracker.bro-ids.org> #870: Merge Modbus analyzer ---------------------+------------------------ Reporter: robin | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ---------------------+------------------------ Changes (by robin): * type: Merge Request => Task -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Wed Sep 5 23:36:01 2012 From: robin at icir.org (Robin Sommer) Date: Wed, 5 Sep 2012 23:36:01 -0700 Subject: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: Fix "!=" operator for subnets (9357aeb) In-Reply-To: <201209052155.q85LtLSS023017@bro-ids.icir.org> References: <201209052155.q85LtLSS023017@bro-ids.icir.org> Message-ID: <20120906063601.GB99933@icir.org> On Wed, Sep 05, 2012 at 14:55 -0700, Daniel Thayer wrote: > Fixed a bug where the "!=" operator with subnet operands > was treated the same as the "==" operator. Good catch! Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From noreply at bro-ids.org Thu Sep 6 00:02:01 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 6 Sep 2012 00:02:01 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209060702.q86721la000920@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | cd21eb5 | Daniel Thayer | 2012-09-05 | Fix the "-=" operator for intervals [1] bro | 9357aeb | Daniel Thayer | 2012-09-05 | Fix "!=" operator for subnets [2] bro | a10093b | Jon Siwek | 2012-09-05 | Add sleeps to configuration_update test for better reliability. [3] bro | 63a550f | Daniel Thayer | 2012-09-05 | Fix a segfault when iterating over a set [4] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/cd21eb5b6afe384d044c44a8bb98f3c163532ecb/bro [2] fastpath: http://tracker.bro-ids.org/bro/changeset/9357aeb6b19adc0a3ab4b72de90c347a132cc000/bro [3] fastpath: http://tracker.bro-ids.org/bro/changeset/a10093b620a1dab8d7955b43ac237c40ecfa9bcf/bro [4] fastpath: http://tracker.bro-ids.org/bro/changeset/63a550fa9e9b2c2a84b0769c683ccd183e10fefb/bro From bro at tracker.bro-ids.org Fri Sep 7 09:41:34 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Sep 2012 16:41:34 -0000 Subject: [Bro-Dev] #872: topic/dnthayer/language-tests Message-ID: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> #872: topic/dnthayer/language-tests ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ Added tests of bro script language features. These tests include tests of the built-in Bro data types (tested different representations of constant values, max./min. values, and allowed operations on each data type), keywords, and operators (including special properties of certain operators, such as short-circuit evaluation and associativity). Several bugs in bro were found (and fixed) as a result of these tests, but there are still two known issues remaining (marked in the test scripts with "TODO" comments): 1) Calling an event that was declared locally (without an event body) and assigned to an existing event doesn't seem to do anything 2) Writing interval constants with a decimal point but without a space (such as 2.5day, or 2.1usec) causes bro to exit with an error because it's interpreting the interval constant as a host name -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Sep 7 10:02:45 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Sep 2012 17:02:45 -0000 Subject: [Bro-Dev] #872: topic/dnthayer/language-tests In-Reply-To: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> References: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> Message-ID: <065.173921632f2f2a6ce94e81f9269069d2@tracker.bro-ids.org> #872: topic/dnthayer/language-tests ----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by slagell): #2 looks like it should not be too hard to fix, and kind of important. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Sep 7 10:10:03 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Sep 2012 17:10:03 -0000 Subject: [Bro-Dev] #872: topic/dnthayer/language-tests In-Reply-To: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> References: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> Message-ID: <065.7a5833fdafd69ccfbddc28636045c828@tracker.bro-ids.org> #872: topic/dnthayer/language-tests ----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by dnthayer): Replying to [comment:1 slagell]: > #2 looks like it should not be too hard to fix, and kind of important. Yeah, we could either just say that a space is required in interval constants (no code changes needed), or try to fix it in the code. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Sep 7 10:43:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Sep 2012 17:43:30 -0000 Subject: [Bro-Dev] #873: topic/dnthayer/faq-update Message-ID: <050.4538bb288434b227bbfe0e893e6cead2@tracker.bro-ids.org> #873: topic/dnthayer/faq-update ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ Added an item on the FAQ page about broctl options overriding bro script variables. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Sep 7 11:02:22 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 07 Sep 2012 18:02:22 -0000 Subject: [Bro-Dev] #872: topic/dnthayer/language-tests In-Reply-To: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> References: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> Message-ID: <065.d139e0de393ace8d95de3da8c18ef690@tracker.bro-ids.org> #872: topic/dnthayer/language-tests ----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by amannb): Just pushed something to fastpath that should fix it. (commit f6c9b69eda29913c51e09b51daa8ed5a3f416513) -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Sep 8 00:00:01 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 8 Sep 2012 00:00:01 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209080700.q88701bf030951@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Sun Sep 9 00:00:03 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 9 Sep 2012 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209090700.q8970311026819@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Mon Sep 10 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 10 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209100700.q8A70223030338@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Tue Sep 11 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 11 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209110700.q8B702cH024798@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From bro at tracker.bro-ids.org Tue Sep 11 14:22:40 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 11 Sep 2012 21:22:40 -0000 Subject: [Bro-Dev] #714: broctl install copies policy files to the .site folder in incorrect order In-Reply-To: <049.e82f01374139587adf91a206d94fbd55@tracker.bro-ids.org> References: <049.e82f01374139587adf91a206d94fbd55@tracker.bro-ids.org> Message-ID: <064.ab43d14446dc1a9b09a8d9fa7dfe9818@tracker.bro-ids.org> #714: broctl install copies policy files to the .site folder in incorrect order -------------------------+----------------- Reporter: aashish | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: BroControl | Version: Resolution: | Keywords: -------------------------+----------------- Changes (by dnthayer): * component: Bro => BroControl -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Wed Sep 12 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 12 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209120700.q8C702hx006585@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From bro at tracker.bro-ids.org Wed Sep 12 05:52:31 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Sep 2012 12:52:31 -0000 Subject: [Bro-Dev] #874: Handling Modbus exception FC Message-ID: <046.21e54265f80e2b15a475f823f90452d6@tracker.bro-ids.org> #874: Handling Modbus exception FC ------------------------+--------------------------------------------- Reporter: dina | Type: Task Status: new | Priority: Normal Milestone: | Component: Bro Version: git/master | Keywords: Modbus analyser, exception , fc ------------------------+--------------------------------------------- event modbus_exception is a general exception and the 'fc' that is returned here is 'original_request_fc'+128. This means if I send a request with Fc=3 and something goes bad,I will get this exception with fc=131. I thought it would be useful to immediately subtract this value and show in the log exact Fc where the exception was triggered. A small function for this I put before in modbus/utils.bro (on my branch), but its not in the topic/robin/modbus-merge branch. I suggest to implement this functionality. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Sep 12 06:10:37 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Sep 2012 13:10:37 -0000 Subject: [Bro-Dev] #874: Handling Modbus exception FC In-Reply-To: <046.21e54265f80e2b15a475f823f90452d6@tracker.bro-ids.org> References: <046.21e54265f80e2b15a475f823f90452d6@tracker.bro-ids.org> Message-ID: <061.640dd8a540ede0db4ae41410516a4990@tracker.bro-ids.org> #874: Handling Modbus exception FC ---------------------+--------------------------------------------- Reporter: dina | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: Modbus analyser, exception , fc ---------------------+--------------------------------------------- Changes (by robin): * milestone: => Bro2.2 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Sep 12 06:29:08 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Sep 2012 13:29:08 -0000 Subject: [Bro-Dev] #875: Modbus REF parameter Message-ID: <046.56de3d908c5d57cdef5109800b27fc89@tracker.bro-ids.org> #875: Modbus REF parameter ------------------------+----------------------------------------- Reporter: dina | Type: Task Status: new | Priority: Normal Milestone: | Component: Bro Version: git/master | Keywords: Modbus analyser, REF offset ------------------------+----------------------------------------- By Modbus specification, different FC implicitly use different parts of the PLC memory. Looking on the wire only, we do not see this. I think it would be useful to include this knowledge about where is the specific data from a packet supposed to be written in logs immediately. For example, fc=3,6,16 work with PLC memory addresses that are >40000, fc=4 work with values 30000-40000. On the wire we only see the REF parameter which is typically 0-10000 (so its a 'local' offset), thus we do not see the memory offset there. This part is implemented in the client by adding different offsets to the REF value in each packet. (e.g., if fc=3,6,16 use offset 40000 so real_ref=40000+ref). I used these offsets to make logs in the .bro script in my branch. This division of 10000 addresses is sth I see as a practice on forums and some unofficial manuals, but its not defined in the specification. I assume that, based on PLC capacity, there could be different kind of division between different parts of the memory map. I suggest that we make a configuration file that defines the division of PLC memory space and which offsets do specific FCs use. As default, we can put this division which i see as common practice. In specific cases, users can change that config file to do proper remapping. Seth, you can find a a bit more about this division (and exact offsets per each FC) here: http://www.simplymodbus.ca/faq.htm -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Sep 12 06:53:51 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Sep 2012 13:53:51 -0000 Subject: [Bro-Dev] #875: Modbus REF parameter In-Reply-To: <046.56de3d908c5d57cdef5109800b27fc89@tracker.bro-ids.org> References: <046.56de3d908c5d57cdef5109800b27fc89@tracker.bro-ids.org> Message-ID: <061.9f5659bf1c0bc66dab813f6146067875@tracker.bro-ids.org> #875: Modbus REF parameter ---------------------+----------------------------------------- Reporter: dina | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: Modbus analyser, REF offset ---------------------+----------------------------------------- Changes (by robin): * milestone: => Bro2.2 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Sep 12 07:49:03 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 12 Sep 2012 14:49:03 -0000 Subject: [Bro-Dev] #875: Modbus REF parameter In-Reply-To: <046.56de3d908c5d57cdef5109800b27fc89@tracker.bro-ids.org> References: <046.56de3d908c5d57cdef5109800b27fc89@tracker.bro-ids.org> Message-ID: <061.94408da48e6b034b7496c08dc4ad33df@tracker.bro-ids.org> #875: Modbus REF parameter ---------------------+----------------------------------------- Reporter: dina | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: Modbus analyser, REF offset ---------------------+----------------------------------------- Comment (by seth): > I suggest that we make a configuration file that defines the division of > PLC memory space and which offsets do specific FCs use. As default, we can > put this division which i see as common practice. In specific cases, users > can change that config file to do proper remapping. Agreed, I think this makes a lot of sense. It will probably be one of the standard "detection" scripts that we will ship with. Thanks. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Sep 13 00:00:01 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 13 Sep 2012 00:00:01 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209130700.q8D701qc013805@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [5] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [6] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [7] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From bro at tracker.bro-ids.org Thu Sep 13 06:42:18 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 13 Sep 2012 13:42:18 -0000 Subject: [Bro-Dev] #876: BroControl "diag" emails Message-ID: <046.b720fcd2aac59166bd3a426e1051d076@tracker.bro-ids.org> #876: BroControl "diag" emails -----------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Keywords: | -----------------------------+------------------------ The BroControl "diag" emails should have a stanza at the beginning about recommending that the email be forwarded to a crash-specific mailing list for us to try and debug problems better. Robin's suggested wording was along these lines {{{ we could put a sentence at the the beignning of the mail that says "if you want to help us debug this problem, please forward this mail to XXX", perhaps with a reply-to accordingly set. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 13 07:29:10 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 13 Sep 2012 14:29:10 -0000 Subject: [Bro-Dev] #768: Inline monitoring of modified scripts. In-Reply-To: <046.1ca40d01be659875b87df303d68539c8@tracker.bro-ids.org> References: <046.1ca40d01be659875b87df303d68539c8@tracker.bro-ids.org> Message-ID: <061.bf0102f0fd45c6bb9ff93f4c2d9633de@tracker.bro-ids.org> #768: Inline monitoring of modified scripts. -------------------------+------------------------ Reporter: seth | Owner: dnthayer Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: BroControl | Version: git/master Resolution: | Keywords: -------------------------+------------------------ Comment (by seth): Daniel, still poking around for thoughts on this ticket. Have you looked into what work would need done to make it happen? -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Sep 14 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 14 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209140700.q8E702bu027771@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [5] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [6] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [7] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [8] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [9] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From bro at tracker.bro-ids.org Fri Sep 14 10:50:42 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Sep 2012 17:50:42 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.94c275e403ab37fd7b9e93fd8753ef7c@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+------------------ Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: ------------------------------+------------------ Comment (by petiepooo): Can {{{/abc/i}}} be shorthand for {{{/[Aa][Bb][Cc]/}}} when it gets processed? That makes the human expressions easier to read, and leaves the nasty verbose stuff for internals. I believe it would also allow the concatenation operation mentioned above (it becomes {{{/[Aa][Bb][Cc]DEF/}}}), but would not handle addition of more insensitive strings without explicitly making the additions insensitive. Eg. {{{redef += /DEF/i;}}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Fri Sep 14 11:28:42 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 14 Sep 2012 18:28:42 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.684ca11f721bd82faa45926501d96c47@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+------------------ Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Component: Bro | Version: Resolution: | Keywords: ------------------------------+------------------ Comment (by seth): > Can {{{/abc/i}}} be shorthand for {{{/[Aa][Bb][Cc]/}}} when it gets > processed? That makes the human expressions easier to read, and leaves I've actually had this implemented in a branch for quite a while, but there are some issues with how regular expressions are merged internally where we can't currently leave the case insensitivity for one of the regular expressions and and have another one case sensitive. Here's an example? {{{ const my_regex = /abc/i | /def/; }}} When combined, you'd like that to be the same as? {{{ /([aA][bB][cC]|def)/ }}} But that doesn't work right now without doing some larger changes to Bro regular expression support. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sat Sep 15 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 15 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209150700.q8F7021j007669@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [5] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [6] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [7] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [8] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [9] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [10] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Sun Sep 16 00:00:03 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 16 Sep 2012 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209160700.q8G703pD022519@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [5] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [6] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [7] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [8] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [9] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [10] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Mon Sep 17 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 17 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209170700.q8H702j0019356@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [5] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [6] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [7] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [8] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [9] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [10] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro From noreply at bro-ids.org Tue Sep 18 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 18 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209180700.q8I702aR015935@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [5] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [6] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [7] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [8] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [9] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [10] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [11] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From bro at tracker.bro-ids.org Tue Sep 18 09:08:03 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 18 Sep 2012 16:08:03 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.ff4294b5cc401085b3bc329988daa7f8@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+-------------------- Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Changes (by jsiwek): * milestone: => Bro2.2 Comment: Replying to [comment:8 seth]: > > Can {{{/abc/i}}} be shorthand for {{{/[Aa][Bb][Cc]/}}} when it gets > > processed? That makes the human expressions easier to read, and leaves > > > I've actually had this implemented in a branch for quite a while, but there are some issues with how regular expressions are merged internally where we can't currently leave the case insensitivity for one of the regular expressions and and have another one case sensitive. I think your branch internally modified `RE_Matcher` to handle case sensitivity and that's where the problem combining them was? But I think they were suggesting just modify the parser to recognize {{{/abc/i}}} such that it takes the pattern text of {{{abc}}} and expands it to {{{[aA][bB][cC]}}} then create the `RE_Matcher` based on that (as if the user had manually written out that longer form). > Here's an example? > > {{{ > const my_regex = /abc/i | /def/; > }}} > > When combined, you'd like that to be the same as? > > {{{ > /([aA][bB][cC]|def)/ > }}} > > But that doesn't work right now without doing some larger changes to Bro regular expression support. I think that quick hack of expanding/substituting the pattern text would work that way without changing any internals relating to case sensitivity? It just makes it so a script-writer doesn't have to write the full form and increases readability. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Tue Sep 18 13:15:00 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Tue, 18 Sep 2012 20:15:00 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.5bb0256e2b228e6c500f76c9989dd047@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+-------------------- Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Comment (by seth): > I think your branch internally modified `RE_Matcher` to handle case > sensitivity and that's where the problem combining them was? I don't recall exactly where I implemented it actually but I took cues from the code itself (it looked like someone had started to think down the route of case-insensitivity at some point). > But I think they were suggesting just modify the parser to recognize > {{{/abc/i}}} such that it takes the pattern text of {{{abc}}} and expands > it to {{{[aA][bB][cC]}}} then create the `RE_Matcher` based on that (as if > the user had manually written out that longer form). That sounds somewhat hard, is it? > I think that quick hack of expanding/substituting the pattern text would > work that way without changing any internals relating to case sensitivity? > It just makes it so a script-writer doesn't have to write the full form > and increases readability. It would be the easiest thing from the perspective of trying to integrate into the existing architecture. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Wed Sep 19 00:00:01 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 19 Sep 2012 00:00:01 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209190700.q8J701h5011461@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [12] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From bro at tracker.bro-ids.org Wed Sep 19 09:48:18 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 19 Sep 2012 16:48:18 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.8246b23454a714167bf134aeb0518024@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+-------------------- Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Comment (by jsiwek): > > But I think they were suggesting just modify the parser to recognize > > {{{/abc/i}}} such that it takes the pattern text of {{{abc}}} and expands > > it to {{{[aA][bB][cC]}}} then create the `RE_Matcher` based on that (as if > > the user had manually written out that longer form). > > That sounds somewhat hard, is it? Probably not if it only happened for simple pattern texts like strings with alphanumeric characters only (the common case?). Not sure if people would be ok with that incomplete of a solution, though. I kind of don't like it the more I think about it. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Wed Sep 19 11:44:58 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 19 Sep 2012 18:44:58 -0000 Subject: [Bro-Dev] #877: libCurl configure options Message-ID: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> #877: libCurl configure options ---------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ Apparently I forgot to make an option to disable libcurl and to locate it in an alternate installation location. That needs to happen. Also, the libCurl detection needs to find the CURLOPT_CONNECTTIMEOUT_MS enum value since we use that and it wan't added until 7.16.2. Actually, it might be better to just use CURLOPT_CONNECTTIMEOUT which has been in libCurl much longer and we can't use the benefit that we would get from the _MS version anyway (since it requires building against a non-blocking DNS resolver and most people won't be doing that). Docs here: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCONNECTTIMEOUT -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Sep 20 00:00:03 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 20 Sep 2012 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209200700.q8K703Iv021904@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [12] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From noreply at bro-ids.org Fri Sep 21 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 21 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209210700.q8L702KL010984@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] broctl | af7d8ed | Daniel Thayer | 2012-09-19 | Update broctl documentation [12] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [13] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/af7d8ed47f6e3bae2da77d03730e6a00d8a010bb/broctl [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From noreply at bro-ids.org Sat Sep 22 00:00:06 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 22 Sep 2012 00:00:06 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209220700.q8M7063X003882@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] broctl | af7d8ed | Daniel Thayer | 2012-09-19 | Update broctl documentation [12] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [13] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/af7d8ed47f6e3bae2da77d03730e6a00d8a010bb/broctl [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From bro at tracker.bro-ids.org Sat Sep 22 23:29:54 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sun, 23 Sep 2012 06:29:54 -0000 Subject: [Bro-Dev] #26: case insensitive regular expressions In-Reply-To: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> References: <046.959a2fb086a088fdd9e390842cd9bbbb@tracker.bro-ids.org> Message-ID: <061.6b691ad7ba2637591ef3ec1ca2bf9a34@tracker.bro-ids.org> #26: case insensitive regular expressions ------------------------------+-------------------- Reporter: vern | Owner: Type: Feature Request | Status: seen Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: Resolution: | Keywords: ------------------------------+-------------------- Comment (by vern): The approach of expanding like this will often work fine, but there are cases where it needs extra work for strict correctness. For example, consider [5-M] - this needs to become [5- at A-Ma-m], presumably. While such a character class range likely will almost never be used, if we care about the behavior being fully solid, we need to address it. (Hmmm, and uglier would be [5-a]. This includes A-Z within it; does it now include a-z too?) There's also a lingering ugliness concerning the definition of case sensitivity for non-ASCII character sets, though presumably we don't want to go there regardless ... -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Sun Sep 23 00:00:03 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sun, 23 Sep 2012 00:00:03 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209230700.q8N703Eo025899@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] broctl | af7d8ed | Daniel Thayer | 2012-09-19 | Update broctl documentation [12] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [13] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/af7d8ed47f6e3bae2da77d03730e6a00d8a010bb/broctl [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From noreply at bro-ids.org Mon Sep 24 00:00:02 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Mon, 24 Sep 2012 00:00:02 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209240700.q8O702wk010592@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 872 [1] | dnthayer | | Normal | topic/dnthayer/language-tests [2] Bro | 873 [3] | dnthayer | | Normal | topic/dnthayer/faq-update [4] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | 392b99b | Jon Siwek | 2012-09-18 | Fix construction of ip6_ah (Authentication Header) record values. [5] bro | 6fbbf28 | Jon Siwek | 2012-09-14 | Update compile/dependency docs for OS X. [6] bro | 6d1abdb | Jon Siwek | 2012-09-13 | Adjusting Mac binary packaging script. [7] bro | 292bf61 | Jon Siwek | 2012-09-13 | Unit test reliability adjustment. [8] bro | bd84ff2 | Jon Siwek | 2012-09-07 | Adjusting some unit tests that do cluster communication. [9] bro | 67d01ab | Jon Siwek | 2012-09-07 | Small change to non-blocking DNS initialization. [10] bro | f6c9b69 | Bernhard Amann | 2012-09-07 | reorder a few statements in scan.l to make 1.5msecs etc work. [11] broctl | af7d8ed | Daniel Thayer | 2012-09-19 | Update broctl documentation [12] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [13] [1] #872: http://tracker.bro-ids.org/bro/ticket/872 [2] language-tests: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/language-tests [3] #873: http://tracker.bro-ids.org/bro/ticket/873 [4] faq-update: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/faq-update [5] fastpath: http://tracker.bro-ids.org/bro/changeset/392b99b2fa4b7bdda267eca55d4cc57d85e88641/bro [6] fastpath: http://tracker.bro-ids.org/bro/changeset/6fbbf2829023036333231ffe00f89802b1f7bee0/bro [7] fastpath: http://tracker.bro-ids.org/bro/changeset/6d1abdb661b98726c2c77e171bbab0a65e024f54/bro [8] fastpath: http://tracker.bro-ids.org/bro/changeset/292bf61ae8cbdae6773b675ad5d33884c7fc7fd4/bro [9] fastpath: http://tracker.bro-ids.org/bro/changeset/bd84ff2c2051ff34a4b2060cce718875e23acf8c/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/67d01ab9e9d1edebb8d7b19795fc07d3023d5b22/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f6c9b69eda29913c51e09b51daa8ed5a3f416513/bro [1] fastpath: http://tracker.bro-ids.org/bro/changeset/af7d8ed47f6e3bae2da77d03730e6a00d8a010bb/broctl [1] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From vladg at cmu.edu Mon Sep 24 09:19:13 2012 From: vladg at cmu.edu (Vlad Grigorescu) Date: Mon, 24 Sep 2012 16:19:13 +0000 Subject: [Bro-Dev] Bro Cluster Firewall Rules Documentation Message-ID: <1202BE242E080642B0CD0AD0A03E855247186C@PGH-MSGMB-03.andrew.ad.cmu.edu> Hello, I was doing some work setting up iptables for a Bro cluster, and found that the open ports necessary aren't well documented. I took an initial stab at documenting this at: . It's quite possible that the rules are more permissive than they should be (e.g. I'm not sure if the proxy needs to be able to reach the workers, if the workers need to be able to reach the proxy, or both). Also, I didn't cover the case of multiple proxies, since I'm not sure what the requirements are there. Hope this is a useful jumping-off point. Thanks, --Vlad From bro at tracker.bro-ids.org Mon Sep 24 10:57:43 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 17:57:43 -0000 Subject: [Bro-Dev] #878: topic/jsiwek/xml-output Message-ID: <048.2c4e6fd6691c1dfe084fb4dfc6a88f77@tracker.bro-ids.org> #878: topic/jsiwek/xml-output ---------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: BTest | Version: git/master Keywords: | ---------------------------+------------------------ A branch in the `btest` repo that allows output of test results in XML format (parseable by Jenkins' default JUnit test result publisher). -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 11:24:50 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 18:24:50 -0000 Subject: [Bro-Dev] #872: topic/dnthayer/language-tests In-Reply-To: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> References: <050.4fe6e902439bc01e90b71f3275aa8229@tracker.bro-ids.org> Message-ID: <065.14dcc149a5764b530d79098a6d9b28c5@tracker.bro-ids.org> #872: topic/dnthayer/language-tests -----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 11:25:02 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 18:25:02 -0000 Subject: [Bro-Dev] #873: topic/dnthayer/faq-update In-Reply-To: <050.4538bb288434b227bbfe0e893e6cead2@tracker.bro-ids.org> References: <050.4538bb288434b227bbfe0e893e6cead2@tracker.bro-ids.org> Message-ID: <065.539583ccb1b4559eee50a2c79712d528@tracker.bro-ids.org> #873: topic/dnthayer/faq-update -----------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Solved/Applied | Keywords: -----------------------------+------------------------ Changes (by robin): * status: new => closed * resolution: => Solved/Applied -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 11:45:37 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 18:45:37 -0000 Subject: [Bro-Dev] #878: topic/jsiwek/xml-output In-Reply-To: <048.2c4e6fd6691c1dfe084fb4dfc6a88f77@tracker.bro-ids.org> References: <048.2c4e6fd6691c1dfe084fb4dfc6a88f77@tracker.bro-ids.org> Message-ID: <063.11ae9b66ae2096e0fcaacf7e7c1f132d@tracker.bro-ids.org> #878: topic/jsiwek/xml-output ----------------------------+------------------------ Reporter: jsiwek | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: BTest | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [e83c5f6e02d6294747941d7a09f2dc327e8ab646/btest]: {{{ #!CommitTicketReference repository="btest" revision="e83c5f6e02d6294747941d7a09f2dc327e8ab646" Merge remote-tracking branch 'origin/topic/jsiwek/xml-output' * origin/topic/jsiwek/xml-output: Add option to output test results in an XML (JUnit-like) format. Nice! Closes #878. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 11:55:34 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 18:55:34 -0000 Subject: [Bro-Dev] #879: Bro cannot analyze some IPv6 related protocols Message-ID: <054.c2d6d71e946dbb74bb02faf54269756d@tracker.bro-ids.org> #879: Bro cannot analyze some IPv6 related protocols --------------------------+----------------------------- Reporter: sheharbano.k | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+----------------------------- Bro can not analyze the following IPv6 related protocols: Node Information Query (rfc 4620) Inverse Neighbour Solicitation (rfc 3122) Mobile Prefix Solicitation (rfc 3775) Certificate Path Solicitation (rfc 3971) -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 11:59:04 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 18:59:04 -0000 Subject: [Bro-Dev] #880: Cannot do signature matching for ICMP payload Message-ID: <054.d1302df7172c22b24b96560b2aef73c6@tracker.bro-ids.org> #880: Cannot do signature matching for ICMP payload --------------------------+----------------------------- Reporter: sheharbano.k | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+----------------------------- We cannot do signature-matching for ICMP payload. All the attacks launched by THC IPv6 tool (http://www.thc.org/thc-ipv6/) use ICMP payload for which a signature can be easily written. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 12:03:21 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 19:03:21 -0000 Subject: [Bro-Dev] #881: Event for incorrect option type in IPv6 hop-by-hop and dest extension header Message-ID: <054.e5d404857705d438889ef72cc12d657e@tracker.bro-ids.org> #881: Event for incorrect option type in IPv6 hop-by-hop and dest extension header --------------------------+----------------------------- Reporter: sheharbano.k | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+----------------------------- We should have an event for incorrect option type in IPv6 hop-by-hop and dest extension header. Note that incorrect here means an option type that is not defined by IANA (http://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xml#ipv6-parameters-2) -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 12:13:09 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 19:13:09 -0000 Subject: [Bro-Dev] #882: Requests related to IPv6 routing extension header Message-ID: <054.6dc5a8a9e05917e5ab4edd13255b6094@tracker.bro-ids.org> #882: Requests related to IPv6 routing extension header --------------------------+----------------------------- Reporter: sheharbano.k | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+----------------------------- 1). Generate event for RType=0 in IPv6 routing extension headers. RType=0 is deprecated and poses DoS risk (http://tools.ietf.org/html/rfc5095) 2) In Wireshark, i can see the Type-specific Data field of the routing header as addresses. Bro should be able to parse addresses in the type specific data field of the routing extension header, which it doesn't as of now. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 12:17:05 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 19:17:05 -0000 Subject: [Bro-Dev] #883: Event for large number of extension headers Message-ID: <054.b67a2e618bfcf7ca78a8692f8ebc537c@tracker.bro-ids.org> #883: Event for large number of extension headers --------------------------+--------------------- Reporter: sheharbano.k | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+--------------------- We may want to generate an event for when the number of extension headers in a packet exceed a threshold T. Within a single packet, extension headers can be chained on and on. However, we are limited by path MTU. In this case fragmentation comes to our rescue. So the number of extension headers that can be stuffed inside the same packet is limited by the fragmentation offset which is a 13 bytes field in the fragment extension header. This number is still very big. I think we should perform this check in the core because counting the number of extension headers for every single IPv6 packet is expensive at the scripting layer. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Mon Sep 24 12:37:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 19:37:30 -0000 Subject: [Bro-Dev] #882: Requests related to IPv6 routing extension header In-Reply-To: <054.6dc5a8a9e05917e5ab4edd13255b6094@tracker.bro-ids.org> References: <054.6dc5a8a9e05917e5ab4edd13255b6094@tracker.bro-ids.org> Message-ID: <069.7dc76aff300c00e965ca3fd10af06f87@tracker.bro-ids.org> #882: Requests related to IPv6 routing extension header ------------------------------+------------------------ Reporter: sheharbano.k | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by jsiwek): Replying to [ticket:882 sheharbano.k]: > 1). Generate event for RType=0 in IPv6 routing extension headers. RType=0 is deprecated and poses DoS risk (http://tools.ietf.org/html/rfc5095) They currently create a weird called "routing0_hdr" which could be upgraded to a notice if desirable. > 2) In Wireshark, i can see the Type-specific Data field of the routing header as addresses. Bro should be able to parse addresses in the type specific data field of the routing extension header, which it doesn't as of now. The data itself is available in script-layer events which get extension headers (it's the *data* field of `ip6_routing` records). There's a BIF called `routing0_data_to_addrs` to parse out addresses for routing type 0 headers. Something could be done similarly for other types, but I hadn't tried too hard to find a way to parse the data at the script-layer alone, so if that's possible, it would be better. -- Ticket URL: Bro Tracker Bro Issue Tracker From robin at icir.org Mon Sep 24 11:17:11 2012 From: robin at icir.org (Robin Sommer) Date: Mon, 24 Sep 2012 11:17:11 -0700 Subject: [Bro-Dev] Failing unit test Message-ID: <20120924181711.GA6321@icir.org> I see one test failing consistently one my Linux box (while it works fine on Mac): language.when ... failed % 'btest-diff out' failed unexpectedly (exit code 1) % cat .diag == File =============================== done lookup successful == Diff =============================== --- /tmp/test-diff.24485.out.baseline.tmp 2012-09-24 17:40:03.554905092 +0000 +++ /tmp/test-diff.24485.out.tmp 2012-09-24 17:40:03.567905581 +0000 @@ -1 +1,2 @@ done +lookup successful ======================================= % cat .stderr Is that a race condition with the DNS lookup? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From bro at tracker.bro-ids.org Mon Sep 24 12:57:13 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 19:57:13 -0000 Subject: [Bro-Dev] #881: Event for incorrect option type in IPv6 hop-by-hop and dest extension header In-Reply-To: <054.e5d404857705d438889ef72cc12d657e@tracker.bro-ids.org> References: <054.e5d404857705d438889ef72cc12d657e@tracker.bro-ids.org> Message-ID: <069.1276123de41c924c69b5ee0d5daef2f0@tracker.bro-ids.org> #881: Event for incorrect option type in IPv6 hop-by-hop and dest extension header ------------------------------+------------------------ Reporter: sheharbano.k | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ------------------------------+------------------------ Comment (by jsiwek): Replying to [ticket:881 sheharbano.k]: > We should have an event for incorrect option type in IPv6 hop-by-hop and dest extension header. Note that incorrect here means an option type that is not defined by IANA (http://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xml#ipv6-parameters-2) Maybe better is if there's some tunable script options that lets a user define for which option types they want such an event to be generated, and by default we could have it defined as the set of option types that are currently unassigned ? -- Ticket URL: Bro Tracker Bro Issue Tracker From jsiwek at illinois.edu Mon Sep 24 13:31:09 2012 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Mon, 24 Sep 2012 20:31:09 +0000 Subject: [Bro-Dev] Failing unit test In-Reply-To: <20120924181711.GA6321@icir.org> References: <20120924181711.GA6321@icir.org> Message-ID: > language.when ? failed > Is that a race condition with the DNS lookup? Yeah, looks like the `when` condition should always get evaluated when Bro terminates, but just sometimes the lookup has finished and sometimes it hasn't. For the purpose of the test, maybe just run the bro instance with `btest-bg-run` and the listen script loaded so it blocks, then call `terminate()` in the body of the `when`. Jon From bro at tracker.bro-ids.org Mon Sep 24 13:32:37 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Mon, 24 Sep 2012 20:32:37 -0000 Subject: [Bro-Dev] #884: Scripting inconsistency in the input framework Message-ID: <054.9e9785f366de54bb61f65bfa53416a41@tracker.bro-ids.org> #884: Scripting inconsistency in the input framework --------------------------+--------------------- Reporter: sheharbano.k | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+--------------------- If a table contains data read in using the input framework, the script for parsing through the table is not completely consistent with how 'normal' bro tables are parsed. For a normal table the following works fine: ---------------------------- type IdxIp: record { bad_ip: addr; }; global tb_ip: table[IdxIp] of count; tb_ip[ [$bad_ip=1.1.1.1] ] = 1; tb_ip[ [$bad_ip=2.2.2.2] ] = 2; local rec: IdxIp; for ( rec in tb_ip) print rec$bad_ip; ------------------------------------ However, if tb_ip has data that was read using the input framework, then the following generates the error : ------------------------------------ type IdxIp: record { bad_ip: addr; }; local rec: IdxIp; for ( rec in BlacklistMgr::blacklist_ip ) print rec$bad_ip; ------------------------------------- So instead, one must use the following syntax for tables related to the input framework: -------------------------------------- type IdxIp: record { bad_ip: addr; }; for ( [bad_ip] in BlacklistMgr::blacklist_ip ) print bad_ip; -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Tue Sep 25 00:00:04 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Tue, 25 Sep 2012 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209250700.q8P704Dm004512@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ broctl | af7d8ed | Daniel Thayer | 2012-09-19 | Update broctl documentation [1] btest | 92f788e | Daniel Thayer | 2012-09-17 | Fix a couple of reST formatting problems [2] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/af7d8ed47f6e3bae2da77d03730e6a00d8a010bb/broctl [2] fastpath: http://tracker.bro-ids.org/bro/changeset/92f788e5446f872af90118bdde0392c084cfeb8c/btest From noreply at bro-ids.org Wed Sep 26 00:00:04 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Wed, 26 Sep 2012 00:00:04 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209260700.q8Q704Kv030982@bro-ids.icir.org> > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | f7e5550 | Daniel Thayer | 2012-09-25 | Uncomment some previously-broken tests [1] bro | 6f45a8f | Daniel Thayer | 2012-09-25 | Fix parsing of integers [2] bro | 1044762 | Jon Siwek | 2012-09-25 | Serialize language.when unit test with the "comm" group. [3] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f7e55509a447bb11136abe6e7cb21cb3de1037af/bro [2] fastpath: http://tracker.bro-ids.org/bro/changeset/6f45a8f4ef8e009b9fcf71df3ebf5024fd9c8544/bro [3] fastpath: http://tracker.bro-ids.org/bro/changeset/1044762dfa329b50a42972bb33d319ed3ae3091f/bro From seth at icir.org Wed Sep 26 07:35:21 2012 From: seth at icir.org (Seth Hall) Date: Wed, 26 Sep 2012 10:35:21 -0400 Subject: [Bro-Dev] [Bro-Commits] [git/bro] topic/seth/intel-framework: Functional intelligence framework. (a4af46e) In-Reply-To: <201209261409.q8QE92PC002370@bro-ids.icir.org> References: <201209261409.q8QE92PC002370@bro-ids.icir.org> Message-ID: On Sep 26, 2012, at 10:09 AM, Seth Hall wrote: > Functional intelligence framework. Hah, this was an old commit before I discovered that I needed to massively restructure the intelligence framework. As the other commit says, it's a mess right now and not suitable for use. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/ From bro at tracker.bro-ids.org Wed Sep 26 15:40:32 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Wed, 26 Sep 2012 22:40:32 -0000 Subject: [Bro-Dev] #885: topic/dnthayer/remove-unused-code Message-ID: <050.c9c8cc42d9b0b489e2a9dd84e0412d77@tracker.bro-ids.org> #885: topic/dnthayer/remove-unused-code ---------------------------+------------------------ Reporter: dnthayer | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ This branch removes deprecated BIFs, the deprecated attribute "&disable_print_hook", and the unused reserved keyword "this". Also removed one unused argument to a helper function (due to removal of a BIF that was using it). -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Thu Sep 27 00:00:07 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Thu, 27 Sep 2012 00:00:07 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209270700.q8R707dv018379@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 885 [1] | dnthayer | | Normal | topic/dnthayer/remove-unused-code [2] > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | d6f6714 | Jon Siwek | 2012-09-26 | Reliability adjustments to istate tests with network communication. [3] [1] #885: http://tracker.bro-ids.org/bro/ticket/885 [2] remove-unused-code: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/remove-unused-code [3] fastpath: http://tracker.bro-ids.org/bro/changeset/d6f671494ef2768b45c2eaf39cae00135379a886/bro From bro at tracker.bro-ids.org Thu Sep 27 12:28:17 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:28:17 -0000 Subject: [Bro-Dev] #886: Older versions of libcurl break the build process Message-ID: <050.a7273f7161b3006f3ef0209c2404f5cd@tracker.bro-ids.org> #886: Older versions of libcurl break the build process ---------------------------+------------------------ Reporter: matthias | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ The Elastic Search plugin relies on newer version of libcurl for sub- second timeout specifications. However, this prevents a build on platforms with older libcurl versions. The branch `topic/matthias/libcurl-fix` addresses this issues. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:33:21 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:33:21 -0000 Subject: [Bro-Dev] #886: Older versions of libcurl break the build process In-Reply-To: <050.a7273f7161b3006f3ef0209c2404f5cd@tracker.bro-ids.org> References: <050.a7273f7161b3006f3ef0209c2404f5cd@tracker.bro-ids.org> Message-ID: <065.1661cc1fb9d949d8425a0a3ccb462000@tracker.bro-ids.org> #886: Older versions of libcurl break the build process ----------------------------+------------------------ Reporter: matthias | Owner: Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Comment (by seth): > The Elastic Search plugin relies on newer version of libcurl for sub- > second timeout specifications. However, this prevents a build on platforms > with older libcurl versions. The branch `topic/matthias/libcurl-fix` > addresses this issues. This is a duplicate of ticket #877 -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:43:54 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:43:54 -0000 Subject: [Bro-Dev] #887: Build fails with older Python C API Message-ID: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> #887: Build fails with older Python C API --------------------------+------------------------ Reporter: matthias | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: pysubnettree | Version: git/master Keywords: | --------------------------+------------------------ Older Python bindings presumably rely on a concrete type when decrementing a reference count with `Py_DECREF`, breaking the build process: {{{ [ 77%] Building CXX object aux/broctl/aux/pysubnettree/CMakeFiles/_SubnetTree.dir/SubnetTree.cc.o ../bro/aux/broctl/aux/pysubnettree/SubnetTree.cc: In function ?void free_data(void*)?: ../bro/aux/broctl/aux/pysubnettree/SubnetTree.cc:90: error: ?void*? is not a pointer-to-object type }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:46:26 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:46:26 -0000 Subject: [Bro-Dev] #887: Build fails with older Python C API In-Reply-To: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> References: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> Message-ID: <065.029be57f5b2f21ce56144f1cb5a621e1@tracker.bro-ids.org> #887: Build fails with older Python C API ---------------------------+------------------------ Reporter: matthias | Owner: matthias Type: Problem | Status: closed Priority: Normal | Milestone: Bro2.2 Component: pysubnettree | Version: git/master Resolution: fixed | Keywords: ---------------------------+------------------------ Changes (by matthias): * owner: => matthias * status: new => closed * resolution: => fixed Comment: In [434a97456a17ab23e046a1116d0b5cb6a9b16b37/pysubnettree]: {{{ #!CommitTicketReference repository="pysubnettree" revision="434a97456a17ab23e046a1116d0b5cb6a9b16b37" Fix compile error with Python C API. Fixes #887. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:47:18 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:47:18 -0000 Subject: [Bro-Dev] #887: Build fails with older Python C API In-Reply-To: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> References: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> Message-ID: <065.610a699325e6cc2f1a2ab8e70b379963@tracker.bro-ids.org> #887: Build fails with older Python C API ----------------------------+------------------------ Reporter: matthias | Owner: matthias Type: Merge Request | Status: reopened Priority: Normal | Milestone: Bro2.2 Component: pysubnettree | Version: git/master Resolution: | Keywords: ----------------------------+------------------------ Changes (by matthias): * status: closed => reopened * type: Problem => Merge Request * resolution: fixed => -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:50:05 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:50:05 -0000 Subject: [Bro-Dev] #886: Older versions of libcurl break the build process In-Reply-To: <050.a7273f7161b3006f3ef0209c2404f5cd@tracker.bro-ids.org> References: <050.a7273f7161b3006f3ef0209c2404f5cd@tracker.bro-ids.org> Message-ID: <065.9bcd5f041ce004295678e56d2e286e1f@tracker.bro-ids.org> #886: Older versions of libcurl break the build process ----------------------------+------------------------ Reporter: matthias | Owner: Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: Duplicate | Keywords: ----------------------------+------------------------ Changes (by matthias): * status: new => closed * resolution: => Duplicate -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:51:55 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:51:55 -0000 Subject: [Bro-Dev] #877: libCurl configure options In-Reply-To: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> References: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> Message-ID: <061.601ac83ebbacd429706cb6075d8d651c@tracker.bro-ids.org> #877: libCurl configure options ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by matthias): I started some fixes in `topic/matthias/libcurl-fix`. Should we just switch to timouts with second granularity? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 12:59:07 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 19:59:07 -0000 Subject: [Bro-Dev] #877: libCurl configure options In-Reply-To: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> References: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> Message-ID: <061.78efb0883d5e12ad22c8abaa09b3bf20@tracker.bro-ids.org> #877: libCurl configure options ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by grigorescu): I think second granularity should be fine for ElasticSearch. ElasticSearch itself uses second granularity for its internal timeouts. If the curl functionality ever gets pulled out of the ES writer, though, and it starts being used for other things as well, we might have to revisit this. -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 16:24:30 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 23:24:30 -0000 Subject: [Bro-Dev] #888: Bro crashes on IPv6 subnet [::FFFF:0:0]/96 Message-ID: <054.da51ec8ed0c0114143b25b45dd4f9e5a@tracker.bro-ids.org> #888: Bro crashes on IPv6 subnet [::FFFF:0:0]/96 --------------------------+--------------------- Reporter: sheharbano.k | Type: Problem Status: new | Priority: High Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: --------------------------+--------------------- Bro cannot handle the subnet [::FFFF:0:0]/96 (IPv4 mapped IPv6 addresses- sec 2.2 of rfc5156). The error message says: internal error: Bad IPAddr(v4) IPPrefix length : 96 Aborted Works fine on other subnets. --------------------------------- test.bro --------------------------------- event bro_init() { local snet = [::FFFF:0:0]/96; #local snet = [1::]/96; print snet; } -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 16:42:47 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Thu, 27 Sep 2012 23:42:47 -0000 Subject: [Bro-Dev] #877: libCurl configure options In-Reply-To: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> References: <046.5730894ab0b50cbe92592bc3edadce6c@tracker.bro-ids.org> Message-ID: <061.9ee18705d5e77f38645cdae1ca3f201b@tracker.bro-ids.org> #877: libCurl configure options ----------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: ----------------------+------------------------ Comment (by matthias): It seems that timeouts were not working anyway, at least according to the script documentation. I believe this was due to a typing mismatch when setting the corresponding libcurl parameter. It is fixed in the topic branch. Since I don't have an ElasticSearch deployment, could you test whether it works for you now with this topic branch? -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Thu Sep 27 20:59:20 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Fri, 28 Sep 2012 03:59:20 -0000 Subject: [Bro-Dev] #861: Merging DNP3 Analyzer In-Reply-To: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> References: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> Message-ID: <060.c61f23a013b6a82fb5e817fe1d3440c2@tracker.bro-ids.org> #861: Merging DNP3 Analyzer ---------------------+------------------------ Reporter: hui | Owner: robin Type: Task | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: dnp3 ---------------------+------------------------ Comment (by hui): Replying to [comment:1 robin]: > There are also these files: > > {{{ > A DNP3-debug.cc > A DNP3-debug.h > A DNP3-debug2.cc > A DNP3-debug2.h > A dnp3-analyzer-debug.pac > A dnp3-objects-debug.pac > A dnp3-protocol-debug.pac > }}} > > Can I ignore them? > These files can be ignored. I left there in my branch in case I made some mistakes when removing the debug coding. -- Ticket URL: Bro Tracker Bro Issue Tracker From noreply at bro-ids.org Fri Sep 28 00:00:05 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Fri, 28 Sep 2012 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209280700.q8S705QI004966@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 885 [1] | dnthayer | | Normal | topic/dnthayer/remove-unused-code [2] pysubnettree | 887 [3] | matthias | matthias | Normal | Build fails with older Python C API > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | d6f6714 | Jon Siwek | 2012-09-26 | Reliability adjustments to istate tests with network communication. [4] pysubnettree | 434a974 | Matthias Vallentin | 2012-09-27 | Fix compile error with Python C API. [5] [1] #885: http://tracker.bro-ids.org/bro/ticket/885 [2] remove-unused-code: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/remove-unused-code [3] #887: http://tracker.bro-ids.org/bro/ticket/887 [4] fastpath: http://tracker.bro-ids.org/bro/changeset/d6f671494ef2768b45c2eaf39cae00135379a886/bro [5] fastpath: http://tracker.bro-ids.org/bro/changeset/434a97456a17ab23e046a1116d0b5cb6a9b16b37/pysubnettree From robin at icir.org Fri Sep 28 08:15:12 2012 From: robin at icir.org (Robin Sommer) Date: Fri, 28 Sep 2012 08:15:12 -0700 Subject: [Bro-Dev] #861: Merging DNP3 Analyzer In-Reply-To: References: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> <0d8141e8fe39456f8d8ead41291d3cab@CITESHT1.ad.uillinois.edu> Message-ID: <20120928151512.GH36271@icir.org> On Fri, Sep 28, 2012 at 10:08 -0500, you wrote: > when I checkout the branch, git gives me this errors: > > "error: Entry 'aux/broctl' would be overwritten by merge. Cannot > merge." What command are you using? That sounds like a merge rather than checkout? Try switching to master first (if you haven't already and then "git checkout topic/robin/dnp3-merge"). > > - Does DNP3 have cases similar to Modbus where it would make sense to pass > > arrays of integers (or other elements)? If so, that would be good to do > > (but I don't know the protocol enough to say more). You can hold off on this for now, Seth has been doing some restructuring of the Modbus events and may have thoughts for DNP3 as well. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From hlin33 at illinois.edu Fri Sep 28 08:08:22 2012 From: hlin33 at illinois.edu (Hui Lin (Hugo) ) Date: Fri, 28 Sep 2012 10:08:22 -0500 Subject: [Bro-Dev] #861: Merging DNP3 Analyzer In-Reply-To: <0d8141e8fe39456f8d8ead41291d3cab@CITESHT1.ad.uillinois.edu> References: <045.d25b5df6a13b96f4b3e3618bd9398e58@tracker.bro-ids.org> <0d8141e8fe39456f8d8ead41291d3cab@CITESHT1.ad.uillinois.edu> Message-ID: Hi, Robin, I think your TODO-hui is included in the branch topic/robin/dnp3-merge. But when I checkout the branch, git gives me this errors: "error: Entry 'aux/broctl' would be overwritten by merge. Cannot merge." Seems not safe. Any opinion what should I do. Hui On Wed, Aug 29, 2012 at 7:48 PM, Bro Tracker wrote: > #861: Merging DNP3 Analyzer > ----------------------------+------------------------ > Reporter: hui | Owner: > Type: Merge Request | Status: new > Priority: Normal | Milestone: Bro2.2 > Component: Bro | Version: git/master > Resolution: | Keywords: dnp3 > ----------------------------+------------------------ > > Comment (by robin): > > I've merged this with master into the temporary branch > {{topic/topic/robin/dnp3-merge}}. > > Hui, a number of points/questions: > > - I've added a set of {{{TODO-Hui}}} throughout the new code. Please take > a look and address (just grep for it). > > - I moved the global variables in {{{DNP3.cc}{} into the analyzer class. > I'm actually surprised that this has ever worked: it looks like you kept > state across flows with a single variable; am I missing something? > > - Please take a look at the new test > {{{scripts.base.protocols.dnp3.events}}} and check the output if it > matches with what you would expect. > > - Which of the many events did you have data for to test with? I've added > the DNP3 traces from Dina, they trigger 11 of the 51 events. Do we have > more we can add to the test suite? > > - Please document the events in {{{src/events.bif}}}, similar to how other > events are documented. > > - Does DNP3 have cases similar to Modbus where it would make sense to pass > arrays of integers (or other elements)? If so, that would be good to do > (but I don't know the protocol enough to say more). > > -- > Ticket URL: > Bro Tracker > Bro Issue Tracker > -- Hui Lin PhD Candidate, Research Assistant Electrical and Computer Engineering Department University of Illinois at Urbana-Champaign -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20120928/5f2c8a71/attachment.html From noreply at bro-ids.org Sat Sep 29 00:00:05 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 29 Sep 2012 00:00:05 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209290700.q8T705e3015306@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 885 [1] | dnthayer | | Normal | topic/dnthayer/remove-unused-code [2] pysubnettree | 887 [3] | matthias | matthias | Normal | Build fails with older Python C API > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | d6f6714 | Jon Siwek | 2012-09-26 | Reliability adjustments to istate tests with network communication. [4] pysubnettree | 434a974 | Matthias Vallentin | 2012-09-27 | Fix compile error with Python C API. [5] [1] #885: http://tracker.bro-ids.org/bro/ticket/885 [2] remove-unused-code: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/remove-unused-code [3] #887: http://tracker.bro-ids.org/bro/ticket/887 [4] fastpath: http://tracker.bro-ids.org/bro/changeset/d6f671494ef2768b45c2eaf39cae00135379a886/bro [5] fastpath: http://tracker.bro-ids.org/bro/changeset/434a97456a17ab23e046a1116d0b5cb6a9b16b37/pysubnettree From noreply at bro-ids.org Sat Sep 29 08:24:10 2012 From: noreply at bro-ids.org (Merge Tracker) Date: Sat, 29 Sep 2012 08:24:10 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201209291524.q8TFOApa027195@bro-ids.icir.org> > Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 885 [1] | dnthayer | | Normal | topic/dnthayer/remove-unused-code [2] pysubnettree | 887 [3] | matthias | matthias | Normal | Build fails with older Python C API > Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | d6f6714 | Jon Siwek | 2012-09-26 | Reliability adjustments to istate tests with network communication. [4] pysubnettree | 434a974 | Matthias Vallentin | 2012-09-27 | Fix compile error with Python C API. [5] [1] #885: http://tracker.bro-ids.org/bro/ticket/885 [2] remove-unused-code: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_path=%2Fbro&new=topic/dnthayer/remove-unused-code [3] #887: http://tracker.bro-ids.org/bro/ticket/887 [4] fastpath: http://tracker.bro-ids.org/bro/changeset/d6f671494ef2768b45c2eaf39cae00135379a886/bro [5] fastpath: http://tracker.bro-ids.org/bro/changeset/434a97456a17ab23e046a1116d0b5cb6a9b16b37/pysubnettree From bro at tracker.bro-ids.org Sat Sep 29 14:45:01 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 29 Sep 2012 21:45:01 -0000 Subject: [Bro-Dev] #885: topic/dnthayer/remove-unused-code In-Reply-To: <050.c9c8cc42d9b0b489e2a9dd84e0412d77@tracker.bro-ids.org> References: <050.c9c8cc42d9b0b489e2a9dd84e0412d77@tracker.bro-ids.org> Message-ID: <065.91ec208e7bf3224162346f28567158f2@tracker.bro-ids.org> #885: topic/dnthayer/remove-unused-code ----------------------------+------------------------ Reporter: dnthayer | Owner: robin Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * owner: => robin * status: new => closed * resolution: => fixed Comment: In [c412678e1366b4b9ffd23492ea50f7d7ddc08187/bro]: {{{ #!CommitTicketReference repository="bro" revision="c412678e1366b4b9ffd23492ea50f7d7ddc08187" Merge remote-tracking branch 'origin/topic/dnthayer/remove-unused-code' * origin/topic/dnthayer/remove-unused-code: Remove deprecated attribute &disable_print_hook Remove unused argument of helper function Remove deprecated built-in functions Remove unused reserved keyword "this" Closes #885. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker From bro at tracker.bro-ids.org Sat Sep 29 14:45:17 2012 From: bro at tracker.bro-ids.org (Bro Tracker) Date: Sat, 29 Sep 2012 21:45:17 -0000 Subject: [Bro-Dev] #887: Build fails with older Python C API In-Reply-To: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> References: <050.671d8e398f67659d7e3b79158119d101@tracker.bro-ids.org> Message-ID: <065.b528ae6e8a6bc286cb9af3d4c2a2c626@tracker.bro-ids.org> #887: Build fails with older Python C API ----------------------------+------------------------ Reporter: matthias | Owner: matthias Type: Merge Request | Status: closed Priority: Normal | Milestone: Bro2.2 Component: pysubnettree | Version: git/master Resolution: fixed | Keywords: ----------------------------+------------------------ Changes (by robin): * status: reopened => closed * resolution: => fixed Comment: In [eae84135aeb763669fdf55080745c57d38809cd2/pysubnettree]: {{{ #!CommitTicketReference repository="pysubnettree" revision="eae84135aeb763669fdf55080745c57d38809cd2" Merge remote-tracking branch 'origin/fastpath' * origin/fastpath: Fix compile error with Python C API. Closes #887. }}} -- Ticket URL: Bro Tracker Bro Issue Tracker