From noreply at bro.org Sun Sep 1 00:00:23 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 1 Sep 2013 00:00:23 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309010700.r8170N0j032118@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/issues/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Mon Sep 2 00:00:14 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 2 Sep 2013 00:00:14 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309020700.r8270Ec7004329@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/issues/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Tue Sep 3 00:00:15 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 3 Sep 2013 00:00:15 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309030700.r8370FSH021231@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/issues/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From n.siow at wustl.edu Tue Sep 3 08:36:24 2013 From: n.siow at wustl.edu (Nicholas Siow) Date: Tue, 3 Sep 2013 10:36:24 -0500 Subject: [Bro-Dev] How to get more connection info in Software::Info? Message-ID: Hey, had a quick question about the connection information in the Software::Info structure. >From what I can see in the source code / manual there seems to be only one side of the connection represented ( only "host" and "host_p" ). For what we are trying to do, we want the full connection to be logged. Just how HTTP for example records the originating / responding host / port. Since the Software::found function seems to take a connection as a parameter, would it be possible to pull c$id$orig_h, c$id$orig_p, c$id$resp_h, and c$id$resp_p fields out and pass them into this framework? Or is there some limitation that prevents those fields from being accessed? To access the information, I was thinking of adding two fields to the Software::Info record which would hold the other 2 values not represented by host and host_p - and then modify the Software::found calls in the SMTP, SSH, HTTP etc policies so that they pass along the additional information from their connection object. Does this seem like a reasonable approach or is there an easier way? Thanks, N. Siow -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130903/79de41f1/attachment.html From jira at bro-tracker.atlassian.net Tue Sep 3 15:00:53 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Tue, 3 Sep 2013 17:00:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1066) topic/dnthayer/oldwiki-binpac In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1066: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/oldwiki-binpac > ----------------------------- > > Key: BIT-1066 > URL: https://bro-tracker.atlassian.net/browse/BIT-1066 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: BinPAC > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch adds BinPAC documentation (just copied the > "BinPAC Userguide" from the old Bro wiki, and reformatted > to reST). -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From noreply at bro.org Wed Sep 4 00:00:13 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 4 Sep 2013 00:00:13 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309040700.r8470D3C031374@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- --------------------------------- BIT-1066 [1] BinPAC Daniel Thayer - 2013-09-03 2.2 Normal topic/dnthayer/oldwiki-binpac [2] Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [3] broccoli dcode [4] 2013-08-12 Updated specfile. Works under mock for EL6 [5] [1] BIT-1066 https://bro-tracker.atlassian.net/browse/BIT-1066 [2] oldwiki-binpac https://github.com/bro/binpac/tree/topic/dnthayer/oldwiki-binpac [3] Pull Request #1 https://github.com/bro/broccoli/issues/1 [4] dcode https://github.com/dcode [5] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Wed Sep 4 09:34:53 2013 From: jira at bro-tracker.atlassian.net (Matthias Vallentin (JIRA)) Date: Wed, 4 Sep 2013 11:34:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1073) Make the MIME analyzer a FAF analyzer In-Reply-To: References: Message-ID: Matthias Vallentin created BIT-1073: --------------------------------------- Summary: Make the MIME analyzer a FAF analyzer Key: BIT-1073 URL: https://bro-tracker.atlassian.net/browse/BIT-1073 Project: Bro Issue Tracker Issue Type: Task Components: Bro Affects Versions: git/master Reporter: Matthias Vallentin We should convert the MIME analyzer to use FAF, allowing other components to reuse it. Specifically, I noted this in the process of bringing back the POP3 analyzer. Ideally, we can just feed the contents of the download emails via the RETR command into a FAF-based MIME analyzer. Then we wouldn't have to rebuild functionality that's close to the SMTP analyzer. In summary, we should factor the MIME analysis into a separate analysis unit. -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From jira at bro-tracker.atlassian.net Wed Sep 4 13:04:53 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Wed, 4 Sep 2013 15:04:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13900#comment-13900 ] Jon Siwek commented on BIT-1072: -------------------------------- Regarding to core.leaks.basic-cluster test failure, the underlying cause of the leaks seems to be: {noformat} expression error in /home/jsiwek/bro/scripts/base/frameworks/sumstats/./plugins/./hll_unique.bro, line 56: field value missing [SumStats::rv1$hll_error_margin] {noformat} So seems that hook function needs better handling of uninitialized values and maybe also in this case values are expected to be initialized and are not. > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From jsiwek at illinois.edu Wed Sep 4 15:05:31 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Wed, 4 Sep 2013 22:05:31 +0000 Subject: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: Fix memory leak in DNS TXT lookups. (62de567) In-Reply-To: <201309042150.r84Lojeh020262@bro-ids.icir.org> References: <201309042150.r84Lojeh020262@bro-ids.icir.org> Message-ID: This might be a significant leak since local.bro has the MHR and notary scripts loaded by default now and those use TXT lookups. Though, the leak is when there's a request for something that's already cached locally, that might happen often enough (same file/cert seen multiple times). - Jon On Sep 4, 2013, at 4:50 PM, Jonathan Siwek wrote: > Repository : ssh://git at bro-ids.icir.org/bro > > On branch : fastpath > Link : https://github.com/bro/bro/commit/62de5678f7532fb4c31bd7dce481491f5d11128a > >> --------------------------------------------------------------- > > commit 62de5678f7532fb4c31bd7dce481491f5d11128a > Author: Jon Siwek > Date: Wed Sep 4 16:47:44 2013 -0500 > > Fix memory leak in DNS TXT lookups. > > >> --------------------------------------------------------------- > > 62de5678f7532fb4c31bd7dce481491f5d11128a > src/DNS_Mgr.cc | 12 +++++++++- > testing/btest/core/leaks/dns-txt.bro | 43 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 54 insertions(+), 1 deletion(-) > > diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc > index 4596a7d..2005202 100644 > --- a/src/DNS_Mgr.cc > +++ b/src/DNS_Mgr.cc > @@ -713,6 +713,16 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) > TextMap::iterator it = text_mappings.find(dr->ReqHost()); > if ( it == text_mappings.end() ) > text_mappings[dr->ReqHost()] = new_dm; > + else > + { > + if ( new_dm->Failed() && prev_dm && prev_dm->Valid() ) > + ++keep_prev; > + else > + { > + prev_dm = it->second; > + it->second = new_dm; > + } > + } > } > else > { > @@ -766,7 +776,7 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) > } > } > > - if ( prev_dm ) > + if ( prev_dm && ! dr->ReqIsTxt() ) > CompareMappings(prev_dm, new_dm); > > if ( keep_prev ) > diff --git a/testing/btest/core/leaks/dns-txt.bro b/testing/btest/core/leaks/dns-txt.bro > new file mode 100644 > index 0000000..44b7c04 > --- /dev/null > +++ b/testing/btest/core/leaks/dns-txt.bro > @@ -0,0 +1,43 @@ > +# Needs perftools support. > +# > +# @TEST-GROUP: leaks > +# > +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks > +# > +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT > +# @TEST-EXEC: btest-bg-wait 15 > + > + at load base/frameworks/communication # keep network time running > +redef exit_only_after_terminate = T; > + > +global n1 = 0; > + > +function check_term_conditions() > + { > + if ( n1 > 7 ) > + terminate(); > + } > + > + > +event do_txt(s: string) > + { > + when ( local t1 = lookup_hostname_txt(s) ) > + { > + print "t1", t1; > + ++n1; > + check_term_conditions(); > + } > + timeout 100secs > + { > + print "t1 timeout"; > + ++n1; > + check_term_conditions(); > + } > + } > + > +event connection_established(c: connection) > + { > + event do_txt("localhost"); > + schedule 5sec { do_txt("localhost") }; > + } > + > > _______________________________________________ > bro-commits mailing list > bro-commits at bro.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits > From jira at bro-tracker.atlassian.net Wed Sep 4 20:40:53 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Wed, 4 Sep 2013 22:40:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13901#comment-13901 ] Bernhard Amann commented on BIT-1072: ------------------------------------- So it was the fault of hll (or me) after all. :( Was that error reported when running bro? I do not remember ever seeing that... > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From noreply at bro.org Thu Sep 5 00:00:17 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 5 Sep 2013 00:00:17 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309050700.r8570HBF009516@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- --------------------------------- BIT-1066 [1] BinPAC Daniel Thayer - 2013-09-03 2.2 Normal topic/dnthayer/oldwiki-binpac [2] Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------- ---------- ------------------------------------------------------------ 7799a86 [3] bro Jon Siwek 2013-09-04 Adjust HLL cluster leak test so leaks trigger a failure. 3939b62 [4] bro Jon Siwek 2013-09-04 Adjust DNS memory leak test to actually fail if there's a le 62de567 [5] bro Jon Siwek 2013-09-04 Fix memory leak in DNS TXT lookups. 6ad82ff [6] bro Jon Siwek 2013-09-04 Fix invalid/mismatched deallocators. f9dc48e [7] bro Jon Siwek 2013-09-04 Fix logging filter over-allocation and leak. 0678468 [8] bro Jon Siwek 2013-09-04 Internal UID simplifications/nits. ca9b916 [9] bro Jon Siwek 2013-09-04 Fix raw execution input reader's signal blocking. Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- ----------------- ---------- ----------------------------------------------- #2 [10] bro anthonykasza [11] 2013-09-05 String N-Gram Function [12] #1 [13] broccoli dcode [14] 2013-08-12 Updated specfile. Works under mock for EL6 [15] [1] BIT-1066 https://bro-tracker.atlassian.net/browse/BIT-1066 [2] oldwiki-binpac https://github.com/bro/binpac/tree/topic/dnthayer/oldwiki-binpac [3] 7799a86 https://github.com/bro/bro/commit/7799a86a7f845cd1ae6bb24526c2ba80fbaaf2c4 [4] 3939b62 https://github.com/bro/bro/commit/3939b629aeb317d5dcf47c1a77e905052b6c0c4e [5] 62de567 https://github.com/bro/bro/commit/62de5678f7532fb4c31bd7dce481491f5d11128a [6] 6ad82ff https://github.com/bro/bro/commit/6ad82ff263ba6b4c8d2188c54b0ba0bc819a484b [7] f9dc48e https://github.com/bro/bro/commit/f9dc48e5731c16628b5bcb4ddc450308ed2217f0 [8] 0678468 https://github.com/bro/bro/commit/067846835307dac33bfa42a6bb30691904c07c24 [9] ca9b916 https://github.com/bro/bro/commit/ca9b9162a75d1ab9ce2a52823c3fae2b85173cec [10] Pull Request #2 https://github.com/bro/bro/issues/2 [11] anthonykasza https://github.com/anthonykasza [12] Merge Pull Request #2 with git pull https://github.com/anthonykasza/bro.git master [13] Pull Request #1 https://github.com/bro/broccoli/issues/1 [14] dcode https://github.com/dcode [15] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Thu Sep 5 07:22:53 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Thu, 5 Sep 2013 09:22:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902#comment-13902 ] Jon Siwek commented on BIT-1072: -------------------------------- {quote}Was that error reported when running bro?{quote} Yeah, stderr I think (or maybe reporter.log if it wasn't using -b). > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From seth at icir.org Thu Sep 5 09:15:42 2013 From: seth at icir.org (Seth Hall) Date: Thu, 5 Sep 2013 12:15:42 -0400 Subject: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: Fix memory leak in DNS TXT lookups. (62de567) In-Reply-To: References: <201309042150.r84Lojeh020262@bro-ids.icir.org> Message-ID: On Sep 4, 2013, at 6:05 PM, "Siwek, Jonathan Luke" wrote: > This might be a significant leak since local.bro has the MHR and notary scripts loaded by default now and those use TXT lookups. Though, the leak is when there's a request for something that's already cached locally, that might happen often enough (same file/cert seen multiple times). Nice find. A large site that was having trouble on their workers is running that now. We should find out pretty soon. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130905/c1fbb07d/attachment.bin From jira at bro-tracker.atlassian.net Thu Sep 5 10:12:53 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Thu, 5 Sep 2013 12:12:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13903#comment-13903 ] Bernhard Amann commented on BIT-1072: ------------------------------------- So - I am officially blind :) > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From jira at bro-tracker.atlassian.net Thu Sep 5 15:10:53 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Thu, 5 Sep 2013 17:10:53 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1066) topic/dnthayer/oldwiki-binpac In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1066: --------------------------- Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/oldwiki-binpac > ----------------------------- > > Key: BIT-1066 > URL: https://bro-tracker.atlassian.net/browse/BIT-1066 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: BinPAC > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch adds BinPAC documentation (just copied the > "BinPAC Userguide" from the old Bro wiki, and reformatted > to reST). -- This message was sent by Atlassian JIRA (v6.1-OD-06#6139) From noreply at bro.org Sat Sep 7 00:00:11 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 7 Sep 2013 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309070700.r8770BEG024643@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/pull/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Sun Sep 8 00:00:11 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 8 Sep 2013 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309080700.r8870BOI028462@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/pull/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Mon Sep 9 00:00:14 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 9 Sep 2013 00:00:14 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309090700.r8970E1T019224@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/pull/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Mon Sep 9 11:11:11 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Mon, 9 Sep 2013 13:11:11 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1062) Issues fragmented packets and BRO In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14000#comment-14000 ] Jon Siwek commented on BIT-1062: -------------------------------- {quote} I was doing some testing with fragmented attacks trying to bypass IDS sensors and noticed that BRO does not identify/populate the SRC & DST IP's in the weird log {quote} They're probably missing since the weird log field is a conn_id (hosts and ports), but flow_weirds (like what happens w/ IP fragments in this case) would only have available the hosts, but not ports. Seth, would it make sense to create a dummy conn_id w/ 0/unknown for the ports so that hosts can at least be logged? {quote} ... and other fields such as the URI in the http.log ... {quote} {quote} Also,. I fragmented a GET /EVILSTUFF HTTP request,. and noticed: 1377056289.770819 - - - - - excessively_small_fragment - F bro 1377056289.787032 - - - - - fragment_inconsistency - F bro 1377056290.141267 iL6Ki3ncjV1 192.168.1.5 17384 192.168.1.16 80 unmatched_HTTP_reply - F bro {quote} I'm not sure fragments were generated right. They have Identification=1, Fragment Offset=0, the More Fragments bit set, but with different data (i.e. all fragments overlap). Unless there's suggestions, I'm not sure what more can be done. > Issues fragmented packets and BRO > --------------------------------- > > Key: BIT-1062 > URL: https://bro-tracker.atlassian.net/browse/BIT-1062 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: 2.1 > Environment: Ubuntu/Debian > Reporter: john blaze > Attachments: fraggy_out_EVILSTUFF, more_frag.pcap > > > I was doing some testing with fragmented attacks trying to bypass IDS sensors and noticed that BRO does not identify/populate the SRC & DST IP's in the weird log and other fields such as the URI in the http.log when doing stuff like: > >>> f=fragment(IP(dst="80.69.77.211")/ICMP()/("X"*50), fragsize=10) > >>> for frag in f: > ... send(frag) > 1377062338.222065 - - - - - excessively_small_fragment - F bro > Also,. I fragmented a GET /EVILSTUFF HTTP request,. and noticed: > 1377056289.770819 - - - - - excessively_small_fragment - F bro > 1377056289.787032 - - - - - fragment_inconsistency - F bro > 1377056290.141267 iL6Ki3ncjV1 192.168.1.5 17384 192.168.1.16 80 unmatched_HTTP_reply - F bro > PCAPS are attached. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Mon Sep 9 13:37:10 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Mon, 9 Sep 2013 15:37:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1074) topic/dnthayer/broctl-tests In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1074: ---------------------------------- Summary: topic/dnthayer/broctl-tests Key: BIT-1074 URL: https://bro-tracker.atlassian.net/browse/BIT-1074 Project: Bro Issue Tracker Issue Type: Improvement Components: BroControl Reporter: Daniel Thayer Fix For: 2.2 This branch adds tests for newer features of broctl (CPU pinning, PF_RING multiple cluster IDs, and the "env_vars" option). -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Mon Sep 9 13:37:10 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Mon, 9 Sep 2013 15:37:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1074) topic/dnthayer/broctl-tests In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1074: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/broctl-tests > --------------------------- > > Key: BIT-1074 > URL: https://bro-tracker.atlassian.net/browse/BIT-1074 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: BroControl > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch adds tests for newer features of broctl (CPU pinning, > PF_RING multiple cluster IDs, and the "env_vars" option). -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From noreply at bro.org Tue Sep 10 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 10 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309100700.r8A70CGS028535@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- ------------------------------- BIT-1074 [1] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [2] Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [3] broccoli dcode [4] 2013-08-12 Updated specfile. Works under mock for EL6 [5] [1] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [2] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [3] Pull Request #1 https://github.com/bro/broccoli/pull/1 [4] dcode https://github.com/dcode [5] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Wed Sep 11 00:00:11 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 11 Sep 2013 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309110700.r8B70BuQ032566@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- ------------------------------- BIT-1074 [1] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [2] Open Fastpath Commits ====================== Commit Component Author Date Summary ------------ ----------- ------------- ---------- --------------------------------------------- f5f3128 [3] binpac Jon Siwek 2013-09-10 Add missing break to switch statement case. fadd81b [4] binpac Jon Siwek 2013-09-10 Remove unreachable code. 449a77e [5] binpac Jon Siwek 2013-09-10 Add missing va_end()'s to match va_start()'s. 9b02dcd [6] binpac Jon Siwek 2013-09-10 Fix two use-after-free bugs. 09bfaf9 [7] binpac Jon Siwek 2013-09-10 Fix double-free. c3a4454 [8] bro Jon Siwek 2013-09-10 Fix significant memory leak. 1fbeefe [9] bro Jon Siwek 2013-09-10 Fix two use-after-free bugs. ee1312f [10] bro Daniel Thayer 2013-09-10 Fix an error seen when building documentation 61784b0 [11] broccoli Daniel Thayer 2013-09-10 Fix a broken link in documentation Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- ---------- ---------- ----------------------------------------------- #1 [12] broccoli dcode [13] 2013-08-12 Updated specfile. Works under mock for EL6 [14] [1] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [2] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [3] f5f3128 https://github.com/bro/binpac/commit/f5f312843d1d77f8a851e3c26023f144f48bfe2b [4] fadd81b https://github.com/bro/binpac/commit/fadd81ba301bb9c06352618b0bb041ef7f123f84 [5] 449a77e https://github.com/bro/binpac/commit/449a77e8b2a2a1ba109816d5bb23d802b6b1c7ba [6] 9b02dcd https://github.com/bro/binpac/commit/9b02dcd02e2f5794bf7f56b1a03eb59458837040 [7] 09bfaf9 https://github.com/bro/binpac/commit/09bfaf9f997ba14fe1c27985bb52cbabef4486e4 [8] c3a4454 https://github.com/bro/bro/commit/c3a4454892fe0224f68efce23b797fb89ca04ee1 [9] 1fbeefe https://github.com/bro/bro/commit/1fbeefedbc6470f98090d6edc2f99cf2f66e3ba9 [10] ee1312f https://github.com/bro/bro/commit/ee1312f2add224eafcf0c7e193d5d818aa34c84f [11] 61784b0 https://github.com/bro/broccoli/commit/61784b07d17005efa10105e8daeb6f1276f3549e [12] Pull Request #1 https://github.com/bro/broccoli/pull/1 [13] dcode https://github.com/dcode [14] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Wed Sep 11 07:23:10 2013 From: jira at bro-tracker.atlassian.net (Benson Mathews (JIRA)) Date: Wed, 11 Sep 2013 09:23:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: Benson Mathews created BIT-1075: ----------------------------------- Summary: Bro Workshop videos Key: BIT-1075 URL: https://bro-tracker.atlassian.net/browse/BIT-1075 Project: Bro Issue Tracker Issue Type: Problem Components: Website Reporter: Benson Mathews Hi, I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. Could those be made available again. Thanks, Benson -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 07:45:10 2013 From: jira at bro-tracker.atlassian.net (Adam Slagell (JIRA)) Date: Wed, 11 Sep 2013 09:45:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14001#comment-14001 ] Adam Slagell commented on BIT-1075: ----------------------------------- They look fine to me. Are you sure they aren't just very slow to load? Is there a specific one that isn't working? > Bro Workshop videos > ------------------- > > Key: BIT-1075 > URL: https://bro-tracker.atlassian.net/browse/BIT-1075 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Website > Reporter: Benson Mathews > > Hi, > I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. > Could those be made available again. > Thanks, > Benson -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 08:59:10 2013 From: jira at bro-tracker.atlassian.net (Adam Slagell (JIRA)) Date: Wed, 11 Sep 2013 10:59:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002#comment-14002 ] Adam Slagell commented on BIT-1075: ----------------------------------- You can also go to http://www.youtube.com/playlist?list=PL778522042653B58E > Bro Workshop videos > ------------------- > > Key: BIT-1075 > URL: https://bro-tracker.atlassian.net/browse/BIT-1075 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Website > Reporter: Benson Mathews > > Hi, > I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. > Could those be made available again. > Thanks, > Benson -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 12:19:12 2013 From: jira at bro-tracker.atlassian.net (Benson Mathews (JIRA)) Date: Wed, 11 Sep 2013 14:19:12 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003#comment-14003 ] Benson Mathews commented on BIT-1075: ------------------------------------- Well videos on day 1: http://security.ncsa.illinois.edu/BroWorkshop2011/videos/1_broverview.mov http://security.ncsa.illinois.edu/BroWorkshop2011/videos/3_understanding_and_examining_bro_logs.mov http://security.ncsa.illinois.edu/BroWorkshop2011/videos/5_programming_primer_solutions.mov I tried connecting to these and all I was getting was the Quicktime icon with a question mark in it - doesn't seem to be loading anything. Other videos on day 2 and 3 were taking a lot of time to load. Anyway, the youtube link works fine for me. Thanks for that! -Benson > Bro Workshop videos > ------------------- > > Key: BIT-1075 > URL: https://bro-tracker.atlassian.net/browse/BIT-1075 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Website > Reporter: Benson Mathews > > Hi, > I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. > Could those be made available again. > Thanks, > Benson -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 12:43:10 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Wed, 11 Sep 2013 14:43:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-950) Add client/server random to SSL hello events In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bernhard Amann updated BIT-950: ------------------------------- Status: Merge Request (was: Open) > Add client/server random to SSL hello events > -------------------------------------------- > > Key: BIT-950 > URL: https://bro-tracker.atlassian.net/browse/BIT-950 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Bro > Affects Versions: git/master > Reporter: ewust > Assignee: Bernhard Amann > Priority: Low > Fix For: 2.2 > > Attachments: 0001-Add-client-server-random-to-ssl-hello-events.patch > > > ssl_client_hello and ssl_server_hello should provide applications with the nonces (client/server random) in the SSL hello messages. This can be used for steganographic applications, or can be used to detect entropy problems. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 12:43:10 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Wed, 11 Sep 2013 14:43:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-950) Add client/server random to SSL hello events In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14004#comment-14004 ] Bernhard Amann commented on BIT-950: ------------------------------------ I adapted the patch to the current layout and added a small test in topic/bernhard/ticket950 > Add client/server random to SSL hello events > -------------------------------------------- > > Key: BIT-950 > URL: https://bro-tracker.atlassian.net/browse/BIT-950 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Bro > Affects Versions: git/master > Reporter: ewust > Assignee: Bernhard Amann > Priority: Low > Fix For: 2.2 > > Attachments: 0001-Add-client-server-random-to-ssl-hello-events.patch > > > ssl_client_hello and ssl_server_hello should provide applications with the nonces (client/server random) in the SSL hello messages. This can be used for steganographic applications, or can be used to detect entropy problems. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jp.bourget at gmail.com Wed Sep 11 13:44:10 2013 From: jp.bourget at gmail.com (JP Gmail) Date: Wed, 11 Sep 2013 21:44:10 +0100 Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: <7BD4D2F8-A293-4E4F-93C3-2129941A71A2@gmail.com> Sounds like a codec issue, can you right click and save the link? JP On Sep 11, 2013, at 8:19 PM, "Benson Mathews (JIRA)" wrote: > > [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003#comment-14003 ] > > Benson Mathews commented on BIT-1075: > ------------------------------------- > > Well videos on day 1: > http://security.ncsa.illinois.edu/BroWorkshop2011/videos/1_broverview.mov > http://security.ncsa.illinois.edu/BroWorkshop2011/videos/3_understanding_and_examining_bro_logs.mov > http://security.ncsa.illinois.edu/BroWorkshop2011/videos/5_programming_primer_solutions.mov > > I tried connecting to these and all I was getting was the Quicktime icon with a question mark in it - doesn't seem to be loading anything. Other videos on day 2 and 3 were taking a lot of time to load. > > Anyway, the youtube link works fine for me. Thanks for that! > > -Benson > >> Bro Workshop videos >> ------------------- >> >> Key: BIT-1075 >> URL: https://bro-tracker.atlassian.net/browse/BIT-1075 >> Project: Bro Issue Tracker >> Issue Type: Problem >> Components: Website >> Reporter: Benson Mathews >> >> Hi, >> I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. >> Could those be made available again. >> Thanks, >> Benson > > > > -- > This message was sent by Atlassian JIRA > (v6.1-OD-06-1#6139) > _______________________________________________ > bro-dev mailing list > bro-dev at bro.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev From slagell at illinois.edu Wed Sep 11 14:01:38 2013 From: slagell at illinois.edu (Slagell, Adam J) Date: Wed, 11 Sep 2013 21:01:38 +0000 Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: <7BD4D2F8-A293-4E4F-93C3-2129941A71A2@gmail.com> References: <7BD4D2F8-A293-4E4F-93C3-2129941A71A2@gmail.com> Message-ID: <558D23D33781EF45A69229CDAC6BF15111217F32@CITESMBX6.ad.uillinois.edu> I'm actually creating a Bro channel on YouTube now and uploading playlists for all the past three exchanges/workshops. Then I think I will update the links on the Bro web site to go to YouTube. Right now the most recent ones are uploading, then I will create meta data and playlists. On Sep 11, 2013, at 3:44 PM, JP Gmail wrote: > Sounds like a codec issue, can you right click and save the link? > > JP > > On Sep 11, 2013, at 8:19 PM, "Benson Mathews (JIRA)" wrote: > >> >> [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003#comment-14003 ] >> >> Benson Mathews commented on BIT-1075: >> ------------------------------------- >> >> Well videos on day 1: >> http://security.ncsa.illinois.edu/BroWorkshop2011/videos/1_broverview.mov >> http://security.ncsa.illinois.edu/BroWorkshop2011/videos/3_understanding_and_examining_bro_logs.mov >> http://security.ncsa.illinois.edu/BroWorkshop2011/videos/5_programming_primer_solutions.mov >> >> I tried connecting to these and all I was getting was the Quicktime icon with a question mark in it - doesn't seem to be loading anything. Other videos on day 2 and 3 were taking a lot of time to load. >> >> Anyway, the youtube link works fine for me. Thanks for that! >> >> -Benson >> >>> Bro Workshop videos >>> ------------------- >>> >>> Key: BIT-1075 >>> URL: https://bro-tracker.atlassian.net/browse/BIT-1075 >>> Project: Bro Issue Tracker >>> Issue Type: Problem >>> Components: Website >>> Reporter: Benson Mathews >>> >>> Hi, >>> I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. >>> Could those be made available again. >>> Thanks, >>> Benson >> >> >> >> -- >> This message was sent by Atlassian JIRA >> (v6.1-OD-06-1#6139) >> _______________________________________________ >> bro-dev mailing list >> bro-dev at bro.org >> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > > _______________________________________________ > bro-dev mailing list > bro-dev at bro.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev > ------ Adam J. Slagell Chief Information Security Officer Sr. Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.slagell.info "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." From jira at bro-tracker.atlassian.net Wed Sep 11 14:03:11 2013 From: jira at bro-tracker.atlassian.net (Adam Slagell (JIRA)) Date: Wed, 11 Sep 2013 16:03:11 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1075) Bro Workshop videos In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14005#comment-14005 ] Adam Slagell commented on BIT-1075: ----------------------------------- I'm actually creating a Bro channel on YouTube now and uploading playlists for all the past three exchanges/workshops. Then I think I will update the links on the Bro web site to go to YouTube. Right now the most recent ones are uploading, then I will create meta data and playlists. ------ Adam J. Slagell Chief Information Security Officer Sr. Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.slagell.info "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." > Bro Workshop videos > ------------------- > > Key: BIT-1075 > URL: https://bro-tracker.atlassian.net/browse/BIT-1075 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Website > Reporter: Benson Mathews > > Hi, > I was looking to go through the Bro Workshop 2011, but most of the videos doesn't seem to be working. > Could those be made available again. > Thanks, > Benson -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 14:39:10 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Wed, 11 Sep 2013 16:39:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1076) topic/dnthayer/doc-fix-links In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1076: ---------------------------------- Summary: topic/dnthayer/doc-fix-links Key: BIT-1076 URL: https://bro-tracker.atlassian.net/browse/BIT-1076 Project: Bro Issue Tracker Issue Type: Improvement Components: Bro Reporter: Daniel Thayer Fix For: 2.2 This branch fixes some links in the documentation. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Wed Sep 11 14:39:10 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Wed, 11 Sep 2013 16:39:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1076) topic/dnthayer/doc-fix-links In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1076: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/doc-fix-links > ---------------------------- > > Key: BIT-1076 > URL: https://bro-tracker.atlassian.net/browse/BIT-1076 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: Bro > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes some links in the documentation. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From noreply at bro.org Thu Sep 12 00:00:15 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 12 Sep 2013 00:00:15 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309120700.r8C70F8j032180@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1076 [1] Bro Daniel Thayer - 2013-09-11 2.2 Normal topic/dnthayer/doc-fix-links [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-950 [5] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open Fastpath Commits ====================== Commit Component Author Date Summary ------------ ------------ ------------- ---------- ------------------------------------------------------ f5f3128 [6] binpac Jon Siwek 2013-09-10 Add missing break to switch statement case. fadd81b [7] binpac Jon Siwek 2013-09-10 Remove unreachable code. 449a77e [8] binpac Jon Siwek 2013-09-10 Add missing va_end()'s to match va_start()'s. 9b02dcd [9] binpac Jon Siwek 2013-09-10 Fix two use-after-free bugs. 09bfaf9 [10] binpac Jon Siwek 2013-09-10 Fix double-free. c3a4454 [11] bro Jon Siwek 2013-09-10 Fix significant memory leak. 1fbeefe [12] bro Jon Siwek 2013-09-10 Fix two use-after-free bugs. ee1312f [13] bro Daniel Thayer 2013-09-10 Fix an error seen when building documentation 61784b0 [14] broccoli Daniel Thayer 2013-09-10 Fix a broken link in documentation 8201354 [15] broctl Daniel Thayer 2013-09-11 Fix link to git repo to be consistent with other links ea1a767 [16] pysubnettree Daniel Thayer 2013-09-11 Fix a broken link in the documentation Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- ---------- ---------- ----------------------------------------------- #1 [17] broccoli dcode [18] 2013-08-12 Updated specfile. Works under mock for EL6 [19] [1] BIT-1076 https://bro-tracker.atlassian.net/browse/BIT-1076 [2] doc-fix-links https://github.com/bro/bro/tree/topic/dnthayer/doc-fix-links [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [6] f5f3128 https://github.com/bro/binpac/commit/f5f312843d1d77f8a851e3c26023f144f48bfe2b [7] fadd81b https://github.com/bro/binpac/commit/fadd81ba301bb9c06352618b0bb041ef7f123f84 [8] 449a77e https://github.com/bro/binpac/commit/449a77e8b2a2a1ba109816d5bb23d802b6b1c7ba [9] 9b02dcd https://github.com/bro/binpac/commit/9b02dcd02e2f5794bf7f56b1a03eb59458837040 [10] 09bfaf9 https://github.com/bro/binpac/commit/09bfaf9f997ba14fe1c27985bb52cbabef4486e4 [11] c3a4454 https://github.com/bro/bro/commit/c3a4454892fe0224f68efce23b797fb89ca04ee1 [12] 1fbeefe https://github.com/bro/bro/commit/1fbeefedbc6470f98090d6edc2f99cf2f66e3ba9 [13] ee1312f https://github.com/bro/bro/commit/ee1312f2add224eafcf0c7e193d5d818aa34c84f [14] 61784b0 https://github.com/bro/broccoli/commit/61784b07d17005efa10105e8daeb6f1276f3549e [15] 8201354 https://github.com/bro/broctl/commit/82013546842794f9a9369ba84df51a01b8807dc7 [16] ea1a767 https://github.com/bro/pysubnettree/commit/ea1a7670fef96caaeb39061756d224e19ab61cc9 [17] Pull Request #1 https://github.com/bro/broccoli/pull/1 [18] dcode https://github.com/dcode [19] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Thu Sep 12 14:41:10 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Thu, 12 Sep 2013 16:41:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1076) topic/dnthayer/doc-fix-links In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1076: --------------------------- Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/doc-fix-links > ---------------------------- > > Key: BIT-1076 > URL: https://bro-tracker.atlassian.net/browse/BIT-1076 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: Bro > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes some links in the documentation. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Thu Sep 12 14:49:10 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Thu, 12 Sep 2013 16:49:10 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1077) fix policy/protocols/http/header-names.bro In-Reply-To: References: Message-ID: Jon Siwek created BIT-1077: ------------------------------ Summary: fix policy/protocols/http/header-names.bro Key: BIT-1077 URL: https://bro-tracker.atlassian.net/browse/BIT-1077 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Jon Siwek Fix For: 2.2 This script is wrong for the {{log_server_header_names}} case. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Thu Sep 12 21:55:11 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Thu, 12 Sep 2013 23:55:11 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1078) topic/dnthayer/documentation In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1078: ---------------------------------- Summary: topic/dnthayer/documentation Key: BIT-1078 URL: https://bro-tracker.atlassian.net/browse/BIT-1078 Project: Bro Issue Tracker Issue Type: Improvement Components: bro-aux Reporter: Daniel Thayer Fix For: 2.2 This branch updates the documentation for bro-aux. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From jira at bro-tracker.atlassian.net Thu Sep 12 21:55:11 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Thu, 12 Sep 2013 23:55:11 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1078) topic/dnthayer/documentation In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1078: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/documentation > ---------------------------- > > Key: BIT-1078 > URL: https://bro-tracker.atlassian.net/browse/BIT-1078 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: bro-aux > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch updates the documentation for bro-aux. -- This message was sent by Atlassian JIRA (v6.1-OD-06-1#6139) From noreply at bro.org Fri Sep 13 00:00:14 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 13 Sep 2013 00:00:14 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309130700.r8D70Eb4024100@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1078 [1] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-950 [5] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [6] broccoli dcode [7] 2013-08-12 Updated specfile. Works under mock for EL6 [8] [1] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [2] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [6] Pull Request #1 https://github.com/bro/broccoli/pull/1 [7] dcode https://github.com/dcode [8] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Sat Sep 14 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 14 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309140700.r8E70C3p022815@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1078 [1] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-950 [5] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------- ---------- ------------------------------------------- 735d2c4 [6] bro Jon Siwek 2013-09-13 Fix/improve dereference-before-null-checks. 3d81432 [7] bro Jon Siwek 2013-09-13 Fix out-of-bounds memory accesses. 5a99287 [8] bro Jon Siwek 2013-09-13 Fix potential mem leak. a99e873 [9] bro Jon Siwek 2013-09-13 Fix double-free and deallocator mismatch. Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------------- ---------- ----------------------------------------------------------- #3 [10] bro smiledawgg [11] 2013-09-13 new function in util: get_hexdump(unsigned char*, int) [12] #1 [13] broccoli dcode [14] 2013-08-12 Updated specfile. Works under mock for EL6 [15] [1] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [2] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [6] 735d2c4 https://github.com/bro/bro/commit/735d2c402af678f1fe65a918010d7c5124b5a5f3 [7] 3d81432 https://github.com/bro/bro/commit/3d81432a1e90e46a436b8a1e98cdcb6f0d6a4e1b [8] 5a99287 https://github.com/bro/bro/commit/5a992879a060dd247025051990a26d5900feb3a9 [9] a99e873 https://github.com/bro/bro/commit/a99e873d5c3f7a86f604ef3ea6e83a6a546b8015 [10] Pull Request #3 https://github.com/bro/bro/pull/3 [11] smiledawgg https://github.com/smiledawgg [12] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [13] Pull Request #1 https://github.com/bro/broccoli/pull/1 [14] dcode https://github.com/dcode [15] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Sun Sep 15 00:00:14 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 15 Sep 2013 00:00:14 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309150700.r8F70EB6032126@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1078 [1] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-950 [5] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------- ---------- ------------------------------------------- 735d2c4 [6] bro Jon Siwek 2013-09-13 Fix/improve dereference-before-null-checks. 3d81432 [7] bro Jon Siwek 2013-09-13 Fix out-of-bounds memory accesses. 5a99287 [8] bro Jon Siwek 2013-09-13 Fix potential mem leak. a99e873 [9] bro Jon Siwek 2013-09-13 Fix double-free and deallocator mismatch. Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------------- ---------- ----------------------------------------------------------- #3 [10] bro smiledawgg [11] 2013-09-13 new function in util: get_hexdump(unsigned char*, int) [12] #1 [13] broccoli dcode [14] 2013-08-12 Updated specfile. Works under mock for EL6 [15] [1] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [2] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [6] 735d2c4 https://github.com/bro/bro/commit/735d2c402af678f1fe65a918010d7c5124b5a5f3 [7] 3d81432 https://github.com/bro/bro/commit/3d81432a1e90e46a436b8a1e98cdcb6f0d6a4e1b [8] 5a99287 https://github.com/bro/bro/commit/5a992879a060dd247025051990a26d5900feb3a9 [9] a99e873 https://github.com/bro/bro/commit/a99e873d5c3f7a86f604ef3ea6e83a6a546b8015 [10] Pull Request #3 https://github.com/bro/bro/pull/3 [11] smiledawgg https://github.com/smiledawgg [12] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [13] Pull Request #1 https://github.com/bro/broccoli/pull/1 [14] dcode https://github.com/dcode [15] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Mon Sep 16 00:00:13 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 16 Sep 2013 00:00:13 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309160700.r8G70DYF007044@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1078 [1] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-950 [5] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------- ---------- ------------------------------------------- 735d2c4 [6] bro Jon Siwek 2013-09-13 Fix/improve dereference-before-null-checks. 3d81432 [7] bro Jon Siwek 2013-09-13 Fix out-of-bounds memory accesses. 5a99287 [8] bro Jon Siwek 2013-09-13 Fix potential mem leak. a99e873 [9] bro Jon Siwek 2013-09-13 Fix double-free and deallocator mismatch. Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------------- ---------- ----------------------------------------------------------- #3 [10] bro smiledawgg [11] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [12] #1 [13] broccoli dcode [14] 2013-08-12 Updated specfile. Works under mock for EL6 [15] [1] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [2] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [6] 735d2c4 https://github.com/bro/bro/commit/735d2c402af678f1fe65a918010d7c5124b5a5f3 [7] 3d81432 https://github.com/bro/bro/commit/3d81432a1e90e46a436b8a1e98cdcb6f0d6a4e1b [8] 5a99287 https://github.com/bro/bro/commit/5a992879a060dd247025051990a26d5900feb3a9 [9] a99e873 https://github.com/bro/bro/commit/a99e873d5c3f7a86f604ef3ea6e83a6a546b8015 [10] Pull Request #3 https://github.com/bro/bro/pull/3 [11] smiledawgg https://github.com/smiledawgg [12] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [13] Pull Request #1 https://github.com/bro/broccoli/pull/1 [14] dcode https://github.com/dcode [15] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Mon Sep 16 11:03:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Mon, 16 Sep 2013 13:03:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14100#comment-14100 ] Bernhard Amann commented on BIT-1072: ------------------------------------- mem-leak fix and updated documentation is in topic/bernhard/ticket1072 > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Mon Sep 16 11:03:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Mon, 16 Sep 2013 13:03:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bernhard Amann updated BIT-1072: -------------------------------- Status: Merge Request (was: In Progress) > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Mon Sep 16 11:03:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Mon, 16 Sep 2013 13:03:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bernhard Amann updated BIT-1072: -------------------------------- Status: In Progress (was: Open) > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From vern at icir.org Mon Sep 16 15:06:45 2013 From: vern at icir.org (Vern Paxson) Date: Mon, 16 Sep 2013 15:06:45 -0700 Subject: [Bro-Dev] Should Bro Ignore PCAP Checksums by Default? In-Reply-To: (Fri, 21 Jun 2013 23:33:22 PDT). Message-ID: <20130916220645.D217E2C4026@rock.ICSI.Berkeley.EDU> [reviving an old thread] > > I think we should keep the default with strict checksum checking, especially now that we have the new script that tells users if they seem to have invalid checksums. I would rather push people down the right path as much as possible. > > My thoughts too. I'm struck by how often new users continue to get bitten by needing -C due to checksum offloading. Would it work to provide checksum auto-sensing? Something like: if upon reading from an interface the very first packet has a checksum error, assume that -C is needed; verify this, though, for the next N packets, just to be safe. Vern From jira at bro-tracker.atlassian.net Mon Sep 16 18:13:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Mon, 16 Sep 2013 20:13:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-953) SSL Analyzer: return the root CA used to validate a cert In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bernhard Amann updated BIT-953: ------------------------------- Fix Version/s: (was: 2.2) 2.3 > SSL Analyzer: return the root CA used to validate a cert > -------------------------------------------------------- > > Key: BIT-953 > URL: https://bro-tracker.atlassian.net/browse/BIT-953 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: liamrandall > Assignee: Bernhard Amann > Priority: Low > Labels: Analyzer,, CA, Root,, SSL > Fix For: 2.3 > > > Since Bro will validate certs can we add a variable that says who the root CA was; would be useful for CA pinning, white listing or black listing. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Mon Sep 16 18:15:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Mon, 16 Sep 2013 20:15:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-953) SSL Analyzer: return the root CA used to validate a cert In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14101#comment-14101 ] Bernhard Amann commented on BIT-953: ------------------------------------ ...this definitely won't make it into 2.2. And will make much more sense with x509 parsing split into the file-analysis-framework in any case. > SSL Analyzer: return the root CA used to validate a cert > -------------------------------------------------------- > > Key: BIT-953 > URL: https://bro-tracker.atlassian.net/browse/BIT-953 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: liamrandall > Assignee: Bernhard Amann > Priority: Low > Labels: Analyzer,, CA, Root,, SSL > Fix For: 2.3 > > > Since Bro will validate certs can we add a variable that says who the root CA was; would be useful for CA pinning, white listing or black listing. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From seth at icir.org Mon Sep 16 18:22:15 2013 From: seth at icir.org (Seth Hall) Date: Mon, 16 Sep 2013 21:22:15 -0400 Subject: [Bro-Dev] Should Bro Ignore PCAP Checksums by Default? In-Reply-To: <20130916220645.D217E2C4026@rock.ICSI.Berkeley.EDU> References: <20130916220645.D217E2C4026@rock.ICSI.Berkeley.EDU> Message-ID: <3A0DE8BE-6142-4C9D-A00B-FA9B86720DBC@icir.org> On Sep 16, 2013, at 6:06 PM, Vern Paxson wrote: > I'm struck by how often new users continue to get bitten by needing -C > due to checksum offloading. Would it work to provide checksum auto-sensing? > Something like: if upon reading from an interface the very first packet > has a checksum error, assume that -C is needed; verify this, though, for > the next N packets, just to be safe. Hrm, I'm conflicted this. I agree that would be a nice approach for my pragmatic side that wants Bro to fight and strive and do the best analysis but my strict side says that I'd like to get people to do the right thing. I think I'm onboard with this idea. It would be nice to get fewer people tripping over that as long as we are careful to warn them whenever we're auto-disabling checksum validation. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130916/a456b3a9/attachment.bin From noreply at bro.org Tue Sep 17 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 17 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309170700.r8H70C3A019233@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- -------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1078 [1] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [2] BIT-1074 [3] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [4] BIT-1072 [5] Bro Bernhard Amann - 2013-09-16 2.2 Normal merge topic/bernhard/hyperloglog BIT-950 [6] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- -------------- ---------- ---------------------------------------------------------- #3 [7] bro smiledawgg [8] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [9] #1 [10] broccoli dcode [11] 2013-08-12 Updated specfile. Works under mock for EL6 [12] [1] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [2] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [3] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [4] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [5] BIT-1072 https://bro-tracker.atlassian.net/browse/BIT-1072 [6] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [7] Pull Request #3 https://github.com/bro/bro/pull/3 [8] smiledawgg https://github.com/smiledawgg [9] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [10] Pull Request #1 https://github.com/bro/broccoli/pull/1 [11] dcode https://github.com/dcode [12] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Tue Sep 17 14:49:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Tue, 17 Sep 2013 16:49:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1079) topic/dnthayer/compilerwarn In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1079: ---------------------------------- Summary: topic/dnthayer/compilerwarn Key: BIT-1079 URL: https://bro-tracker.atlassian.net/browse/BIT-1079 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Reporter: Daniel Thayer Fix For: 2.2 This branch fixes several compiler warnings and one cmake warning. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Tue Sep 17 14:49:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Tue, 17 Sep 2013 16:49:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1079) topic/dnthayer/compilerwarn In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1079: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/compilerwarn > --------------------------- > > Key: BIT-1079 > URL: https://bro-tracker.atlassian.net/browse/BIT-1079 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes several compiler warnings and one cmake warning. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From noreply at bro.org Wed Sep 18 00:00:16 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 18 Sep 2013 00:00:16 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309180700.r8I70G3J005675@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- -------------- -------------- ---------- ------------- ---------- -------------------------------------------- BIT-1079 [1] Bro Daniel Thayer - 2013-09-17 2.2 Normal topic/dnthayer/compilerwarn [2] BIT-1078 [3] bro-aux Daniel Thayer - 2013-09-12 2.2 Normal topic/dnthayer/documentation [4] BIT-1074 [5] BroControl Daniel Thayer - 2013-09-09 2.2 Normal topic/dnthayer/broctl-tests [6] BIT-1072 [7] Bro Bernhard Amann - 2013-09-16 2.2 Normal merge topic/bernhard/hyperloglog BIT-950 [8] Bro ewust Bernhard Amann 2013-09-11 2.2 Low Add client/server random to SSL hello events Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------------- ---------- ----------------------------------------------------------- #3 [9] bro smiledawgg [10] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [11] #1 [12] broccoli dcode [13] 2013-08-12 Updated specfile. Works under mock for EL6 [14] [1] BIT-1079 https://bro-tracker.atlassian.net/browse/BIT-1079 [2] compilerwarn https://github.com/bro/bro/tree/topic/dnthayer/compilerwarn [3] BIT-1078 https://bro-tracker.atlassian.net/browse/BIT-1078 [4] documentation https://github.com/bro/bro-aux/tree/topic/dnthayer/documentation [5] BIT-1074 https://bro-tracker.atlassian.net/browse/BIT-1074 [6] broctl-tests https://github.com/bro/brocontrol/tree/topic/dnthayer/broctl-tests [7] BIT-1072 https://bro-tracker.atlassian.net/browse/BIT-1072 [8] BIT-950 https://bro-tracker.atlassian.net/browse/BIT-950 [9] Pull Request #3 https://github.com/bro/bro/pull/3 [10] smiledawgg https://github.com/smiledawgg [11] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [12] Pull Request #1 https://github.com/bro/broccoli/pull/1 [13] dcode https://github.com/dcode [14] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Wed Sep 18 15:15:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Wed, 18 Sep 2013 17:15:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-950) Add client/server random to SSL hello events In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-950: ----------------------------- Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > Add client/server random to SSL hello events > -------------------------------------------- > > Key: BIT-950 > URL: https://bro-tracker.atlassian.net/browse/BIT-950 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Bro > Affects Versions: git/master > Reporter: ewust > Assignee: Bernhard Amann > Priority: Low > Fix For: 2.2 > > Attachments: 0001-Add-client-server-random-to-ssl-hello-events.patch > > > ssl_client_hello and ssl_server_hello should provide applications with the nonces (client/server random) in the SSL hello messages. This can be used for steganographic applications, or can be used to detect entropy problems. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:15:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Wed, 18 Sep 2013 17:15:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1079) topic/dnthayer/compilerwarn In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1079: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/compilerwarn > --------------------------- > > Key: BIT-1079 > URL: https://bro-tracker.atlassian.net/browse/BIT-1079 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes several compiler warnings and one cmake warning. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:15:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Wed, 18 Sep 2013 17:15:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1078) topic/dnthayer/documentation In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1078: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/documentation > ---------------------------- > > Key: BIT-1078 > URL: https://bro-tracker.atlassian.net/browse/BIT-1078 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: bro-aux > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch updates the documentation for bro-aux. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:15:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Wed, 18 Sep 2013 17:15:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1072) merge topic/bernhard/hyperloglog In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1072: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > merge topic/bernhard/hyperloglog > -------------------------------- > > Key: BIT-1072 > URL: https://bro-tracker.atlassian.net/browse/BIT-1072 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Bernhard Amann > Fix For: 2.2 > > Attachments: out.pdf > > > The branch adds support for the hyperloglog data structure. > In the branch, core/leaks/basic-cluster.bro currently faisl. However, this seems to be unrelated to hll and just to be triggered by the addition of it to the sumstats tests. It looks like some kind of scriptland issue. pprof output is attached. (master, workers don't leak memory) -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:17:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Wed, 18 Sep 2013 17:17:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1074) topic/dnthayer/broctl-tests In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1074: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/broctl-tests > --------------------------- > > Key: BIT-1074 > URL: https://bro-tracker.atlassian.net/browse/BIT-1074 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: BroControl > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch adds tests for newer features of broctl (CPU pinning, > PF_RING multiple cluster IDs, and the "env_vars" option). -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:43:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Wed, 18 Sep 2013 17:43:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1080) topic/dnthayer/doc-improvements In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1080: ---------------------------------- Summary: topic/dnthayer/doc-improvements Key: BIT-1080 URL: https://bro-tracker.atlassian.net/browse/BIT-1080 Project: Bro Issue Tracker Issue Type: Problem Components: BTest Reporter: Daniel Thayer Fix For: 2.2 The branch topic/dnthayer/doc-improvements contains various improvements and fixes for the btest README documentation. In addition, it contains a fix of the btest-rst-pipe script. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Wed Sep 18 15:43:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Wed, 18 Sep 2013 17:43:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1080) topic/dnthayer/doc-improvements In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1080: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/doc-improvements > ------------------------------- > > Key: BIT-1080 > URL: https://bro-tracker.atlassian.net/browse/BIT-1080 > Project: Bro Issue Tracker > Issue Type: Problem > Components: BTest > Reporter: Daniel Thayer > Fix For: 2.2 > > > The branch topic/dnthayer/doc-improvements contains various > improvements and fixes for the btest README documentation. > In addition, it contains a fix of the btest-rst-pipe script. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From noreply at bro.org Thu Sep 19 00:00:17 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 19 Sep 2013 00:00:17 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309190700.r8J70Hs3001435@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- ----------------------------------- BIT-1080 [1] BTest Daniel Thayer - 2013-09-18 2.2 Normal topic/dnthayer/doc-improvements [2] Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- ------------- ---------- ----------------------------------------- d417bd9 [3] bro Daniel Thayer 2013-09-18 Update documentation of required packages Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- -------------- ---------- ---------------------------------------------------------- #3 [4] bro smiledawgg [5] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [6] #1 [7] broccoli dcode [8] 2013-08-12 Updated specfile. Works under mock for EL6 [9] [1] BIT-1080 https://bro-tracker.atlassian.net/browse/BIT-1080 [2] doc-improvements https://github.com/bro/btest/tree/topic/dnthayer/doc-improvements [3] d417bd9 https://github.com/bro/bro/commit/d417bd9f3a05d275cbca6685b35a03fc566c7869 [4] Pull Request #3 https://github.com/bro/bro/pull/3 [5] smiledawgg https://github.com/smiledawgg [6] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [7] Pull Request #1 https://github.com/bro/broccoli/pull/1 [8] dcode https://github.com/dcode [9] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Fri Sep 20 00:00:16 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 20 Sep 2013 00:00:16 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309200700.r8K70GE8001421@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ------------- ---------- ---------- ------------- ---------- ----------------------------------- BIT-1080 [1] BTest Daniel Thayer - 2013-09-18 2.2 Normal topic/dnthayer/doc-improvements [2] Open Fastpath Commits ====================== Commit Component Author Date Summary ------------ ----------- -------------- ---------- ------------------------------------------------------------ b226a66 [3] binpac Jon Siwek 2013-09-19 Add virtual dtor to RefCount base class. 30aa6f4 [4] bro-aux Bernhard Amann 2013-09-19 update gen-mozilla-ca-list.rb to retrieve the mozilla root c bfbf1f7 [5] bro Daniel Thayer 2013-09-19 Add more links in the GeoLocation document 78ef315 [6] bro Daniel Thayer 2013-09-19 Add links to Intelligence Framework documentation 8b48a47 [7] bro Bernhard Amann 2013-09-19 update mozilla root ca list d05a02e [8] bro Jon Siwek 2013-09-19 Update Mozilla root CA certs. d417bd9 [9] bro Daniel Thayer 2013-09-18 Update documentation of required packages bfca757 [10] broctl Daniel Thayer 2013-09-20 Add more links in broctl documentation Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------------- ---------- ----------------------------------------------------------- #3 [11] bro smiledawgg [12] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [13] #1 [14] broccoli dcode [15] 2013-08-12 Updated specfile. Works under mock for EL6 [16] [1] BIT-1080 https://bro-tracker.atlassian.net/browse/BIT-1080 [2] doc-improvements https://github.com/bro/btest/tree/topic/dnthayer/doc-improvements [3] b226a66 https://github.com/bro/binpac/commit/b226a66df78b0cda5bcf87548fa87b48e14946df [4] 30aa6f4 https://github.com/bro/bro-aux/commit/30aa6f47c3f4b9aa698b134a6e081950076cefd5 [5] bfbf1f7 https://github.com/bro/bro/commit/bfbf1f7305e150bd3f4b2c62bfec4bbd81bb98ec [6] 78ef315 https://github.com/bro/bro/commit/78ef31577b3a6d6f478f74f28743a1c5efe2e145 [7] 8b48a47 https://github.com/bro/bro/commit/8b48a476ecf58a96d9cb014b275c7172f188a176 [8] d05a02e https://github.com/bro/bro/commit/d05a02e848dc0e9ff27293339d3cb90c48ce25ba [9] d417bd9 https://github.com/bro/bro/commit/d417bd9f3a05d275cbca6685b35a03fc566c7869 [10] bfca757 https://github.com/bro/broctl/commit/bfca75777a2491f4f6269fb044e55eb2e3ac0a95 [11] Pull Request #3 https://github.com/bro/bro/pull/3 [12] smiledawgg https://github.com/smiledawgg [13] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [14] Pull Request #1 https://github.com/bro/broccoli/pull/1 [15] dcode https://github.com/dcode [16] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Fri Sep 20 07:39:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Fri, 20 Sep 2013 09:39:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1080) topic/dnthayer/doc-improvements In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1080: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/doc-improvements > ------------------------------- > > Key: BIT-1080 > URL: https://bro-tracker.atlassian.net/browse/BIT-1080 > Project: Bro Issue Tracker > Issue Type: Problem > Components: BTest > Reporter: Daniel Thayer > Fix For: 2.2 > > > The branch topic/dnthayer/doc-improvements contains various > improvements and fixes for the btest README documentation. > In addition, it contains a fix of the btest-rst-pipe script. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 09:03:19 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Fri, 20 Sep 2013 11:03:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1081) topic/jsiwek/raw-exec-pgrp In-Reply-To: References: Message-ID: Jon Siwek created BIT-1081: ------------------------------ Summary: topic/jsiwek/raw-exec-pgrp Key: BIT-1081 URL: https://bro-tracker.atlassian.net/browse/BIT-1081 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Jon Siwek Assignee: Daniel Thayer Fix For: 2.2 Daniel, can you do a sanity check w/ this branch on your Ubuntu system to confirm it fixes the problem w/ the executestream test leaving behind 'tail' processes? If it does, you can change this to a merge request. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 09:23:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Fri, 20 Sep 2013 11:23:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1081) topic/jsiwek/raw-exec-pgrp In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102#comment-14102 ] Daniel Thayer commented on BIT-1081: ------------------------------------ It works for me. > topic/jsiwek/raw-exec-pgrp > -------------------------- > > Key: BIT-1081 > URL: https://bro-tracker.atlassian.net/browse/BIT-1081 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Jon Siwek > Assignee: Daniel Thayer > Fix For: 2.2 > > > Daniel, can you do a sanity check w/ this branch on your Ubuntu system to confirm it fixes the problem w/ the executestream test leaving behind 'tail' processes? If it does, you can change this to a merge request. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 09:23:19 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Fri, 20 Sep 2013 11:23:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1081) topic/jsiwek/raw-exec-pgrp In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1081: ------------------------------- Status: Merge Request (was: Open) > topic/jsiwek/raw-exec-pgrp > -------------------------- > > Key: BIT-1081 > URL: https://bro-tracker.atlassian.net/browse/BIT-1081 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Jon Siwek > Assignee: Daniel Thayer > Fix For: 2.2 > > > Daniel, can you do a sanity check w/ this branch on your Ubuntu system to confirm it fixes the problem w/ the executestream test leaving behind 'tail' processes? If it does, you can change this to a merge request. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 10:57:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Fri, 20 Sep 2013 12:57:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-166) Make SSL analyzer recognize STARTTLS In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bernhard Amann updated BIT-166: ------------------------------- Resolution: Duplicate Status: Closed (was: Open) This is a duplicate of BIT-533 (which is a bit more verbose) > Make SSL analyzer recognize STARTTLS > ------------------------------------ > > Key: BIT-166 > URL: https://bro-tracker.atlassian.net/browse/BIT-166 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: 1.5.2 > Reporter: gregor > Labels: SSL,, STARTTLS > > Hi, > after a quick glance at the SSL-analyzer, it seems that it does not work/start on connections that use STARTTLS. Would be a nice feature. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 11:01:19 2013 From: jira at bro-tracker.atlassian.net (Bernhard Amann (JIRA)) Date: Fri, 20 Sep 2013 13:01:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1082) Trash after SNI information In-Reply-To: References: Message-ID: Bernhard Amann created BIT-1082: ----------------------------------- Summary: Trash after SNI information Key: BIT-1082 URL: https://bro-tracker.atlassian.net/browse/BIT-1082 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Bernhard Amann Fix For: 2.3 When using Bro to extract the server name indication of TLS connections, Bro sometimes does not seem to be able to determine the correct end of the server name field -- instead it also returns additional binary data at the end of the server name. I do not know if this is reproducible, so far I have not managed to get a trace of a case where it happens. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 11:21:19 2013 From: jira at bro-tracker.atlassian.net (srunnels (JIRA)) Date: Fri, 20 Sep 2013 13:21:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1083) Update scripting documentation In-Reply-To: References: Message-ID: srunnels created BIT-1083: ----------------------------- Summary: Update scripting documentation Key: BIT-1083 URL: https://bro-tracker.atlassian.net/browse/BIT-1083 Project: Bro Issue Tracker Issue Type: Improvement Components: Bro Reporter: srunnels Priority: Low Updates based on suggestions by Robin. Currently in topic/srunnels/documentation -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 11:21:19 2013 From: jira at bro-tracker.atlassian.net (srunnels (JIRA)) Date: Fri, 20 Sep 2013 13:21:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1083) Update scripting documentation In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] srunnels updated BIT-1083: -------------------------- Status: Merge Request (was: Open) > Update scripting documentation > ------------------------------ > > Key: BIT-1083 > URL: https://bro-tracker.atlassian.net/browse/BIT-1083 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: Bro > Reporter: srunnels > Priority: Low > Labels: documentation, > > Updates based on suggestions by Robin. > Currently in topic/srunnels/documentation -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From jira at bro-tracker.atlassian.net Fri Sep 20 16:55:19 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Fri, 20 Sep 2013 18:55:19 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1081) topic/jsiwek/raw-exec-pgrp In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1081: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/jsiwek/raw-exec-pgrp > -------------------------- > > Key: BIT-1081 > URL: https://bro-tracker.atlassian.net/browse/BIT-1081 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Jon Siwek > Assignee: Daniel Thayer > Fix For: 2.2 > > > Daniel, can you do a sanity check w/ this branch on your Ubuntu system to confirm it fixes the problem w/ the executestream test leaving behind 'tail' processes? If it does, you can change this to a merge request. -- This message was sent by Atlassian JIRA (v6.1-OD-08#6143) From leres at ee.lbl.gov Fri Sep 20 22:11:42 2013 From: leres at ee.lbl.gov (Craig Leres) Date: Fri, 20 Sep 2013 22:11:42 -0700 Subject: [Bro-Dev] bro 2.1 vs clang Message-ID: <523D2A8E.80209@ee.lbl.gov> There's a FreeBSD ports bug report that says clang 3.3 doesn't like bro 2.1: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/182127 /home/ports/security/bro/work/bro-2.1/src/Expr.cc:2392:9: error: reference to 'is_assignable' is ambiguous if ( ! is_assignable(op->Type()) ) ^ /home/ports/security/bro/work/bro-2.1/src/Type.h:645:12: note: candidate found by name lookup is 'is_assignable' extern int is_assignable(BroType* t); ^ /usr/include/c++/v1/type_traits:1407:8: note: candidate found by name lookup is 'std::__1::is_assignable' struct is_assignable ^ 1 error generated. I don't have a 10/CURRENT system handy but I built clang 3.3 on my 9.1-RELEASE system but bro built without errors. (There were errors which I've attached in case they'd be useful.) Rather than having to actually build a -CURRENT system to figure this out, is it obvious what the issue is and how to patch it? I'm now the maintainer of the FreeBSD bro port and I'm about to submit a PR to split broccoli out of the current bro port, make broctl a config option, etc. and would like to fix this as part of this update if possible. Craig -------------- next part -------------- ===> Building for bro-2.1_2 [ 0%] [BISON][BIFParser] Building parser with bison 2.7.12-4996 [ 0%] [FLEX][BIFScanner] Building scanner with flex /usr/bin/flex version 2.5.4 Scanning dependencies of target ftwire2bro Scanning dependencies of target binpac_lib Scanning dependencies of target adtrace Scanning dependencies of target rst Scanning dependencies of target capstats [ 0%] Swig source Scanning dependencies of target nfcollector [ 1%] [FLEX][PACScanner] Building scanner with flex /usr/bin/flex version 2.5.4 [ 1%] [BISON][PACParser] Building parser with bison 2.7.12-4996 [ 2%] Building C object aux/bro-aux/nftools/CMakeFiles/ftwire2bro.dir/ftwire2bro.c.o [ 7%] Building CXX object aux/binpac/lib/CMakeFiles/binpac_lib.dir/binpac_bytestring.cc.o [ 5%] Building CXX object aux/broctl/aux/capstats/CMakeFiles/capstats.dir/capstats.cc.o [ 5%] Building C object aux/bro-aux/adtrace/CMakeFiles/adtrace.dir/adtrace.c.o [ 5%] Building CXX object aux/binpac/lib/CMakeFiles/binpac_lib.dir/binpac_buffer.cc.o [ 5%] Building C object aux/bro-aux/rst/CMakeFiles/rst.dir/rst.c.o [ 7%] Building CXX object aux/broctl/aux/capstats/CMakeFiles/capstats.dir/version.cc.o [ 7%] Building C object aux/bro-aux/nftools/CMakeFiles/nfcollector.dir/nfcollector.c.o Scanning dependencies of target bifcl [ 7%] Building CXX object src/CMakeFiles/bifcl.dir/bif_arg.cc.o [ 7%] Building CXX object src/CMakeFiles/bifcl.dir/bif_parse.cc.o [ 7%] Building CXX object src/CMakeFiles/bifcl.dir/module_util.cc.o Linking C executable ftwire2bro Linking C executable adtrace Linking C executable rst Scanning dependencies of target binpac [ 7%] Built target ftwire2bro [ 7%] Built target rst Linking C executable nfcollector [ 10%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_analyzer.cc.o [ 8%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_action.cc.o [ 8%] Building CXX object src/CMakeFiles/bifcl.dir/bif_lex.cc.o [ 10%] Built target adtrace [ 10%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_array.cc.o [ 10%] Built target nfcollector [ 10%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_attr.cc.o [ 10%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_btype.cc.o Scanning dependencies of target _SubnetTree [ 10%] Building C object aux/broctl/aux/pysubnettree/CMakeFiles/_SubnetTree.dir/patricia.c.o [ 10%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_case.cc.o /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/aux/broctl/aux/pysubnettree/patricia.c:329:14: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare] if (bitlen < 0 || bitlen > maxbitlen) ~~~~~~ ^ ~ Linking CXX static library libbinpac.a [ 10%] Building CXX object aux/broctl/aux/pysubnettree/CMakeFiles/_SubnetTree.dir/SubnetTree.cc.o [ 10%] Building CXX object aux/broctl/aux/pysubnettree/CMakeFiles/_SubnetTree.dir/SubnetTreePYTHON_wrap.cxx.o Linking CXX executable capstats [ 11%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_conn.cc.o 1 warning generated. [ 11%] Built target binpac_lib [ 11%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_context.cc.o [ 11%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_cstr.cc.o [ 11%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_datadep.cc.o [ 11%] Built target capstats [ 13%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_dataptr.cc.o [ 13%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_dataunit.cc.o /home/fun/u2/src/local/ports/lbl-bro/work/.build/aux/broctl/aux/pysubnettree/SubnetTreePYTHON_wrap.cxx:2390:23: warning: explicitly assigning a variable of type 'int' to itself [-Wself-assign] [ 13%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_decl.cc.o res = SWIG_AddCast(res); ~~~ ^ ~~~ /home/fun/u2/src/local/ports/lbl-bro/work/.build/aux/broctl/aux/pysubnettree/SubnetTreePYTHON_wrap.cxx:2393:23: warning: explicitly assigning a variable of type 'int' to itself [-Wself-assign] res = SWIG_AddCast(res); ~~~ ^ ~~~ [ 13%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_embedded.cc.o Linking CXX executable bifcl [ 14%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_enum.cc.o [ 14%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_expr.cc.o [ 14%] Built target bifcl [ 14%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_exttype.cc.o [ 16%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_flow.cc.o [ 16%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_func.cc.o [ 14%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_field.cc.o [ 16%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_id.cc.o [ 16%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_inputbuf.cc.o [ 17%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_let.cc.o [ 17%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_param.cc.o [ 17%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_primitive.cc.o [ 17%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_record.cc.o [ 17%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_paramtype.cc.o [ 19%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_redef.cc.o 2 warnings generated. Linking CXX shared module _SubnetTree.so [ 19%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_state.cc.o [ 19%] Built target _SubnetTree [ 19%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_strtype.cc.o [ 20%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_type.cc.o [ 19%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_regex.cc.o [ 20%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_typedecl.cc.o [ 20%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_output.cc.o [ 20%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_withinput.cc.o [ 22%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_utils.cc.o [ 22%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_exception.cc.o [ 22%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_parse.cc.o [ 22%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_main.cc.o [ 22%] Building CXX object aux/binpac/src/CMakeFiles/binpac.dir/pac_scan.cc.o Linking CXX executable binpac [ 22%] Built target binpac [ 22%] [BIFCL] Processing bro.bif [ 22%] [BIFCL] Processing logging.bif [ 22%] [BIFCL] Processing input.bif [ 23%] [BIFCL] Processing event.bif [ 23%] [BIFCL] Processing const.bif [ 23%] [BIFCL] Processing types.bif [ 23%] [BIFCL] Processing strings.bif [ 23%] [BINPAC] Processing binpac_bro-lib.pac [ 23%] [BIFCL] Processing reporter.bif [ 23%] [BINPAC] Processing bittorrent.pac [ 25%] [BINPAC] Processing binpac-lib.pac [ 23%] [BINPAC] Processing ayiya.pac [ 26%] [BINPAC] Processing dce_rpc.pac [ 26%] [BINPAC] Processing dce_rpc_simple.pac [ 26%] [BINPAC] Processing dhcp.pac [ 26%] [BINPAC] Processing dns.pac [ 26%] [BINPAC] Processing http.pac [ 26%] [BINPAC] Processing ncp.pac [ 28%] [BINPAC] Processing smb.pac [ 28%] [BINPAC] Processing socks.pac [ 26%] [BINPAC] Processing netflow.pac [ 28%] [BINPAC] Processing ssl.pac [ 28%] [BINPAC] Processing syslog.pac [ 28%] [FLEX][RuleScanner] Building scanner with flex /usr/bin/flex version 2.5.4 [ 29%] [BINPAC] Processing dns_tcp.pac [ 31%] [FLEX][REScanner] Building scanner with flex /usr/bin/flex version 2.5.4 [ 31%] [FLEX][Scanner] Building scanner with flex /usr/bin/flex version 2.5.4 [ 31%] [BISON][REParser] Building parser with bison 2.7.12-4996 [ 31%] [BISON][Parser] Building parser with bison 2.7.12-4996 [ 32%] [BISON][RuleParser] Building parser with bison 2.7.12-4996 [ 31%] [Perl] Processing debug commands [ 32%] [sed] replacing stuff in /home/fun/u2/src/local/ports/lbl-bro/work/.build/src/rep.cc [ 34%] [sed] replacing stuff in /home/fun/u2/src/local/ports/lbl-bro/work/.build/src/rup.cc [ 34%] [sed] replacing stuff in /home/fun/u2/src/local/ports/lbl-bro/work/.build/src/rup.h [ 34%] [sed] replacing stuff in /home/fun/u2/src/local/ports/lbl-bro/work/.build/src/p.cc Scanning dependencies of target bro [ 34%] Building C object src/CMakeFiles/bro.dir/version.c.o [ 34%] Building CXX object src/CMakeFiles/bro.dir/module_util.cc.o [ 34%] Building CXX object src/CMakeFiles/bro.dir/net_util.cc.o [ 34%] Building CXX object src/CMakeFiles/bro.dir/Attr.cc.o [ 35%] Building CXX object src/CMakeFiles/bro.dir/BPF_Program.cc.o [ 35%] Building CXX object src/CMakeFiles/bro.dir/BroDoc.cc.o [ 35%] Building CXX object src/CMakeFiles/bro.dir/BroDocObj.cc.o [ 37%] Building CXX object src/CMakeFiles/bro.dir/Brofiler.cc.o [ 38%] Building CXX object src/CMakeFiles/bro.dir/DFA.cc.o [ 38%] Building CXX object src/CMakeFiles/bro.dir/CCL.cc.o [ 37%] Building CXX object src/CMakeFiles/bro.dir/BroString.cc.o [ 38%] Building CXX object src/CMakeFiles/bro.dir/CompHash.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/DbgBreakpoint.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/DbgHelp.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/DbgWatch.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/Desc.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/Dict.cc.o [ 40%] Building CXX object src/CMakeFiles/bro.dir/EquivClass.cc.o [ 41%] Building CXX object src/CMakeFiles/bro.dir/EventHandler.cc.o [ 41%] Building CXX object src/CMakeFiles/bro.dir/EventRegistry.cc.o [ 41%] Building CXX object src/CMakeFiles/bro.dir/Frame.cc.o [ 41%] Building CXX object src/CMakeFiles/bro.dir/Hash.cc.o [ 43%] Building CXX object src/CMakeFiles/bro.dir/ID.cc.o [ 43%] Building CXX object src/CMakeFiles/bro.dir/IntSet.cc.o [ 44%] Building CXX object src/CMakeFiles/bro.dir/IOSource.cc.o [ 44%] Building CXX object src/CMakeFiles/bro.dir/IP.cc.o [ 44%] Building CXX object src/CMakeFiles/bro.dir/List.cc.o [ 46%] Building CXX object src/CMakeFiles/bro.dir/NFA.cc.o [ 46%] Building CXX object src/CMakeFiles/bro.dir/Obj.cc.o [ 47%] Building CXX object src/CMakeFiles/bro.dir/OSFinger.cc.o [ 47%] Building CXX object src/CMakeFiles/bro.dir/PacketFilter.cc.o [ 47%] Building CXX object src/CMakeFiles/bro.dir/PolicyFile.cc.o [ 49%] Building CXX object src/CMakeFiles/bro.dir/PrefixTable.cc.o [ 49%] Building CXX object src/CMakeFiles/bro.dir/PriorityQueue.cc.o [ 49%] Building CXX object src/CMakeFiles/bro.dir/Queue.cc.o [ 49%] Building CXX object src/CMakeFiles/bro.dir/RandTest.cc.o [ 50%] Building CXX object src/CMakeFiles/bro.dir/RE.cc.o [ 50%] Building CXX object src/CMakeFiles/bro.dir/Reassem.cc.o [ 50%] Building CXX object src/CMakeFiles/bro.dir/ScriptAnaly.cc.o [ 50%] Building CXX object src/CMakeFiles/bro.dir/SmithWaterman.cc.o [ 52%] Building CXX object src/CMakeFiles/bro.dir/Scope.cc.o [ 52%] Building CXX object src/CMakeFiles/bro.dir/SerializationFormat.cc.o [ 52%] Building CXX object src/CMakeFiles/bro.dir/SerialObj.cc.o [ 52%] Building CXX object src/CMakeFiles/bro.dir/Timer.cc.o [ 53%] Building CXX object src/CMakeFiles/bro.dir/Traverse.cc.o [ 53%] Building CXX object src/CMakeFiles/bro.dir/Trigger.cc.o [ 53%] Building CXX object src/CMakeFiles/bro.dir/Type.cc.o [ 53%] Building CXX object src/CMakeFiles/bro.dir/Var.cc.o [ 53%] Building CXX object src/CMakeFiles/bro.dir/XDR.cc.o [ 55%] Building C object src/CMakeFiles/bro.dir/bsd-getopt-long.c.o [ 55%] Building C object src/CMakeFiles/bro.dir/bro_inet_ntop.c.o [ 55%] Building C object src/CMakeFiles/bro.dir/cq.c.o [ 55%] Building C object src/CMakeFiles/bro.dir/patricia.c.o [ 56%] Building C object src/CMakeFiles/bro.dir/strsep.c.o /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/patricia.c:329:14: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare] if (bitlen < 0 || bitlen > maxbitlen) ~~~~~~ ^ ~ [ 56%] Building C object src/CMakeFiles/bro.dir/setsignal.c.o [ 56%] Building C object src/CMakeFiles/bro.dir/modp_numtoa.c.o [ 56%] Building CXX object src/CMakeFiles/bro.dir/threading/SerialTypes.cc.o [ 56%] Building CXX object src/CMakeFiles/bro.dir/threading/MsgThread.cc.o /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.cc:159:12: warning: variable 'tmp' is used uninitialized whenever '&&' condition is false [-Wsometimes-uninitialized] result = UNSERIALIZE(&full_obj) && UNSERIALIZE(&tmp); ^~~~~~~~~~~~~~~~~~~~~~ /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.h:249:2: note: expanded from macro 'UNSERIALIZE' info->s->Read(x, #x) ^~~~~~~~~~~~~~~~~~~~ /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.cc:160:9: note: uninitialized use occurs here pid = tmp; ^~~ /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.cc:159:12: note: remove the '&&' if its condition is always true result = UNSERIALIZE(&full_obj) && UNSERIALIZE(&tmp); ^~~~~~~~~~~~~~~~~~~~~~~~~~ /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.h:249:2: note: expanded from macro 'UNSERIALIZE' info->s->Read(x, #x) ^ /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/SerialObj.cc:158:13: note: initialize the variable 'tmp' to silence this warning uint32 tmp; ^ = 0 1 warning generated. [ 58%] Building CXX object src/CMakeFiles/bro.dir/threading/BasicThread.cc.o [ 59%] Building CXX object src/CMakeFiles/bro.dir/logging/WriterBackend.cc.o [ 58%] Building CXX object src/CMakeFiles/bro.dir/input/ReaderBackend.cc.o [ 61%] Building CXX object src/CMakeFiles/bro.dir/input/ReaderFrontend.cc.o [ 61%] Building CXX object src/CMakeFiles/bro.dir/Debug.cc.o [ 62%] Building C object src/CMakeFiles/bro.dir/nb_dns.c.o [ 64%] Building CXX object src/CMakeFiles/bro.dir/DebugCmds.cc.o 1 warning generated. [ 64%] Building CXX object src/CMakeFiles/bro.dir/binpac-lib_pac.cc.o [ 65%] Building CXX object src/CMakeFiles/bro.dir/binpac_bro-lib_pac.cc.o [ 65%] Building CXX object src/CMakeFiles/bro.dir/ARP.cc.o [ 65%] Building CXX object src/CMakeFiles/bro.dir/AYIYA.cc.o [ 67%] Building CXX object src/CMakeFiles/bro.dir/Anon.cc.o [ 67%] Building CXX object src/CMakeFiles/bro.dir/Analyzer.cc.o [ 68%] Building CXX object src/CMakeFiles/bro.dir/BackDoor.cc.o [ 68%] Building CXX object src/CMakeFiles/bro.dir/Base64.cc.o [ 68%] Building CXX object src/CMakeFiles/bro.dir/BitTorrent.cc.o [ 68%] Building CXX object src/CMakeFiles/bro.dir/ChunkedIO.cc.o [ 68%] Building CXX object src/CMakeFiles/bro.dir/BitTorrentTracker.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/Conn.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/ConnSizeAnalyzer.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/ContentLine.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DCE_RPC.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DHCP-binpac.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DNS-binpac.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DNS.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DNS_Mgr.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DPM.cc.o [ 70%] Building CXX object src/CMakeFiles/bro.dir/DebugLogger.cc.o [ 71%] Building CXX object src/CMakeFiles/bro.dir/Discard.cc.o [ 71%] Building CXX object src/CMakeFiles/bro.dir/Event.cc.o [ 71%] Building CXX object src/CMakeFiles/bro.dir/EventLauncher.cc.o [ 71%] Building CXX object src/CMakeFiles/bro.dir/Expr.cc.o [ 73%] Building CXX object src/CMakeFiles/bro.dir/FTP.cc.o [ 73%] Building CXX object src/CMakeFiles/bro.dir/File.cc.o [ 73%] Building CXX object src/CMakeFiles/bro.dir/Finger.cc.o [ 73%] Building CXX object src/CMakeFiles/bro.dir/FileAnalyzer.cc.o [ 73%] Building CXX object src/CMakeFiles/bro.dir/FlowSrc.cc.o [ 74%] Building CXX object src/CMakeFiles/bro.dir/Gnutella.cc.o [ 74%] Building CXX object src/CMakeFiles/bro.dir/Frag.cc.o [ 74%] Building CXX object src/CMakeFiles/bro.dir/HTTP-binpac.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/HTTP.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/ICMP.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/IPAddr.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/IRC.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/Ident.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/InterConn.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/Login.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/MIME.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/NCP.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/NFS.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/NTP.cc.o [ 76%] Building CXX object src/CMakeFiles/bro.dir/NVT.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/Net.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/NetbiosSSN.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/PIA.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/POP3.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/PacketDumper.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/PacketSort.cc.o [ 77%] Building CXX object src/CMakeFiles/bro.dir/PersistenceSerializer.cc.o [ 79%] Building CXX object src/CMakeFiles/bro.dir/PktSrc.cc.o [ 79%] Building CXX object src/CMakeFiles/bro.dir/Portmap.cc.o [ 79%] Building CXX object src/CMakeFiles/bro.dir/RPC.cc.o [ 79%] Building CXX object src/CMakeFiles/bro.dir/RSH.cc.o [ 79%] Building CXX object src/CMakeFiles/bro.dir/RemoteSerializer.cc.o [ 80%] Building CXX object src/CMakeFiles/bro.dir/Reporter.cc.o [ 82%] Building CXX object src/CMakeFiles/bro.dir/Rlogin.cc.o [ 82%] Building CXX object src/CMakeFiles/bro.dir/Rule.cc.o [ 82%] Building CXX object src/CMakeFiles/bro.dir/RuleAction.cc.o [ 83%] Building CXX object src/CMakeFiles/bro.dir/RuleCondition.cc.o [ 83%] Building CXX object src/CMakeFiles/bro.dir/RuleMatcher.cc.o [ 83%] Building CXX object src/CMakeFiles/bro.dir/SMTP.cc.o [ 85%] Building CXX object src/CMakeFiles/bro.dir/SMB.cc.o [ 85%] Building CXX object src/CMakeFiles/bro.dir/SOCKS.cc.o [ 85%] Building CXX object src/CMakeFiles/bro.dir/SSH.cc.o [ 85%] Building CXX object src/CMakeFiles/bro.dir/Serializer.cc.o [ 85%] Building CXX object src/CMakeFiles/bro.dir/SSL.cc.o [ 86%] Building CXX object src/CMakeFiles/bro.dir/Sessions.cc.o [ 86%] Building CXX object src/CMakeFiles/bro.dir/StateAccess.cc.o [ 86%] Building CXX object src/CMakeFiles/bro.dir/Stats.cc.o [ 86%] Building CXX object src/CMakeFiles/bro.dir/SteppingStone.cc.o [ 88%] Building CXX object src/CMakeFiles/bro.dir/Stmt.cc.o [ 88%] Building CXX object src/CMakeFiles/bro.dir/Syslog-binpac.cc.o [ 88%] Building CXX object src/CMakeFiles/bro.dir/TCP.cc.o [ 88%] Building CXX object src/CMakeFiles/bro.dir/TCP_Endpoint.cc.o [ 89%] Building CXX object src/CMakeFiles/bro.dir/TCP_Reassembler.cc.o [ 89%] Building CXX object src/CMakeFiles/bro.dir/Telnet.cc.o [ 89%] Building CXX object src/CMakeFiles/bro.dir/Teredo.cc.o [ 89%] Building CXX object src/CMakeFiles/bro.dir/TunnelEncapsulation.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/Val.cc.o [ 89%] Building CXX object src/CMakeFiles/bro.dir/UDP.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/ZIP.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/ayiya_pac.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/bittorrent_pac.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/dce_rpc_pac.cc.o [ 91%] Building CXX object src/CMakeFiles/bro.dir/dhcp_pac.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/dce_rpc_simple_pac.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/dns_pac.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/dns_tcp_pac.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/http_pac.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/input/Manager.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/input/readers/Ascii.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/input/readers/Benchmark.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/input/readers/Raw.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/logging/Manager.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/logging/WriterFrontend.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/logging/writers/Ascii.cc.o [ 92%] Building CXX object src/CMakeFiles/bro.dir/logging/writers/DataSeries.cc.o [ 94%] Building CXX object src/CMakeFiles/bro.dir/logging/writers/ElasticSearch.cc.o [ 94%] Building CXX object src/CMakeFiles/bro.dir/logging/writers/None.cc.o [ 95%] Building CXX object src/CMakeFiles/bro.dir/main.cc.o [ 97%] Building CXX object src/CMakeFiles/bro.dir/ncp_pac.cc.o /home/fun/u2/src/local/ports/lbl-bro/work/bro-2.1/src/logging/Manager.cc:755:28: warning: comparison of constant 'TYPE_STRING' (8) with expression of type 'bool' is always false [-Wtautological-constant-out-of-range-compare] if ( ! v->Type()->Tag() == TYPE_STRING ) ~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~ [ 97%] Building CXX object src/CMakeFiles/bro.dir/netflow_pac.cc.o [ 97%] Building CXX object src/CMakeFiles/bro.dir/smb_pac.cc.o [ 97%] Building CXX object src/CMakeFiles/bro.dir/socks_pac.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/syslog_pac.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/ssl_pac.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/threading/Manager.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/util.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/NetVar.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/rule-parse.cc.o 1 warning generated. [ 98%] Building CXX object src/CMakeFiles/bro.dir/re-parse.cc.o [ 98%] Building CXX object src/CMakeFiles/bro.dir/re-scan.cc.o [100%] Building CXX object src/CMakeFiles/bro.dir/parse.cc.o [100%] Building CXX object src/CMakeFiles/bro.dir/scan.cc.o [100%] Building CXX object src/CMakeFiles/bro.dir/Func.cc.o [100%] Building CXX object src/CMakeFiles/bro.dir/rule-scan.cc.o Linking CXX executable bro [100%] Built target bro fun 62 # From noreply at bro.org Sat Sep 21 00:00:17 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 21 Sep 2013 00:00:17 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309210700.r8L70Hu9028760@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ---------- ---------- ---------- ------------- ---------- ------------------------------ BIT-1083 [1] Bro srunnels - 2013-09-20 - Low Update scripting documentation Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ------------ ------------- ---------- ----------------------------------------------- f3a0dd7 [2] capstats Daniel Thayer 2013-09-20 Correct a few errors in the README 5d9af31 [3] pysubnettree Daniel Thayer 2013-09-20 Fix an error in README and improve the examples Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- -------------- ---------- ---------------------------------------------------------- #3 [4] bro smiledawgg [5] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [6] #1 [7] broccoli dcode [8] 2013-08-12 Updated specfile. Works under mock for EL6 [9] [1] BIT-1083 https://bro-tracker.atlassian.net/browse/BIT-1083 [2] f3a0dd7 https://github.com/bro/capstats/commit/f3a0dd7ce485ac4608f5707c430b8c6ff8954aac [3] 5d9af31 https://github.com/bro/pysubnettree/commit/5d9af318db7905d106c4d7ba658d5599eb582dc8 [4] Pull Request #3 https://github.com/bro/bro/pull/3 [5] smiledawgg https://github.com/smiledawgg [6] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [7] Pull Request #1 https://github.com/bro/broccoli/pull/1 [8] dcode https://github.com/dcode [9] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From robin at icir.org Sat Sep 21 07:58:39 2013 From: robin at icir.org (Robin Sommer) Date: Sat, 21 Sep 2013 07:58:39 -0700 Subject: [Bro-Dev] bro 2.1 vs clang In-Reply-To: <523D2A8E.80209@ee.lbl.gov> References: <523D2A8E.80209@ee.lbl.gov> Message-ID: <20130921145839.GS18402@icir.org> On Fri, Sep 20, 2013 at 22:11 -0700, you wrote: > /home/ports/security/bro/work/bro-2.1/src/Expr.cc:2392:9: error: > reference to 'is_assignable' is ambiguous clang will be happy if you change it to this: + if ( ! ::is_assignable(op->Type()) ) I've actually fixed that in a branch, thanks for reminding me to merge it in for 2.2. :-) Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From noreply at bro.org Sun Sep 22 00:00:13 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 22 Sep 2013 00:00:13 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309220700.r8M70D7K002228@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ---------- ---------- ---------- ------------- ---------- ------------------------------ BIT-1083 [1] Bro srunnels - 2013-09-20 - Low Update scripting documentation Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ------------ ------------- ---------- ----------------------------------------------- f3a0dd7 [2] capstats Daniel Thayer 2013-09-20 Correct a few errors in the README 5d9af31 [3] pysubnettree Daniel Thayer 2013-09-20 Fix an error in README and improve the examples Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- -------------- ---------- ---------------------------------------------------------- #3 [4] bro smiledawgg [5] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [6] #1 [7] broccoli dcode [8] 2013-08-12 Updated specfile. Works under mock for EL6 [9] [1] BIT-1083 https://bro-tracker.atlassian.net/browse/BIT-1083 [2] f3a0dd7 https://github.com/bro/capstats/commit/f3a0dd7ce485ac4608f5707c430b8c6ff8954aac [3] 5d9af31 https://github.com/bro/pysubnettree/commit/5d9af318db7905d106c4d7ba658d5599eb582dc8 [4] Pull Request #3 https://github.com/bro/bro/pull/3 [5] smiledawgg https://github.com/smiledawgg [6] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [7] Pull Request #1 https://github.com/bro/broccoli/pull/1 [8] dcode https://github.com/dcode [9] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Mon Sep 23 00:00:15 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 23 Sep 2013 00:00:15 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309230700.r8N70FtA009169@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- ---------- ---------- ---------- ------------- ---------- ------------------------------ BIT-1083 [1] Bro srunnels - 2013-09-20 - Low Update scripting documentation Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ------------ ------------- ---------- ----------------------------------------------- f3a0dd7 [2] capstats Daniel Thayer 2013-09-20 Correct a few errors in the README 5d9af31 [3] pysubnettree Daniel Thayer 2013-09-20 Fix an error in README and improve the examples Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- -------------- ---------- ---------------------------------------------------------- #3 [4] bro smiledawgg [5] 2013-09-16 new function in util: get_hexdump(unsigned char*, int) [6] #1 [7] broccoli dcode [8] 2013-08-12 Updated specfile. Works under mock for EL6 [9] [1] BIT-1083 https://bro-tracker.atlassian.net/browse/BIT-1083 [2] f3a0dd7 https://github.com/bro/capstats/commit/f3a0dd7ce485ac4608f5707c430b8c6ff8954aac [3] 5d9af31 https://github.com/bro/pysubnettree/commit/5d9af318db7905d106c4d7ba658d5599eb582dc8 [4] Pull Request #3 https://github.com/bro/bro/pull/3 [5] smiledawgg https://github.com/smiledawgg [6] Merge Pull Request #3 with git pull https://github.com/smiledawgg/bro.git master [7] Pull Request #1 https://github.com/bro/broccoli/pull/1 [8] dcode https://github.com/dcode [9] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Mon Sep 23 11:55:05 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Mon, 23 Sep 2013 13:55:05 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1083) Update scripting documentation In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1083: ------------------------------ Status: Closed (was: Merge Request) > Update scripting documentation > ------------------------------ > > Key: BIT-1083 > URL: https://bro-tracker.atlassian.net/browse/BIT-1083 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: Bro > Reporter: srunnels > Priority: Low > Labels: documentation, > > Updates based on suggestions by Robin. > Currently in topic/srunnels/documentation -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From robin at icir.org Mon Sep 23 12:20:04 2013 From: robin at icir.org (Robin Sommer) Date: Mon, 23 Sep 2013 12:20:04 -0700 Subject: [Bro-Dev] NEWS updates Message-ID: <20130923192004.GQ51655@icir.org> I've updated the NEWS file in master. Please all take a look and see if you can think of something that's missing, or wrong. The general guideline is that for the "New Functionality" section, we should be pointing out the highlights that users may care about the most (and that might make them upgrade :). For "Changed Functionality", we'd ideally be documentating even smaller incompatibilities; we won't be able to be comprehensive, but whatever you can think of will be helpful. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From jira at bro-tracker.atlassian.net Mon Sep 23 13:10:04 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Mon, 23 Sep 2013 15:10:04 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1084) topic/dnthayer/broargs In-Reply-To: References: Message-ID: Daniel Thayer created BIT-1084: ---------------------------------- Summary: topic/dnthayer/broargs Key: BIT-1084 URL: https://bro-tracker.atlassian.net/browse/BIT-1084 Project: Bro Issue Tracker Issue Type: Problem Components: BroControl Reporter: Daniel Thayer Fix For: 2.2 This branch fixes a bug that occurs when someone uses the "broargs" broctl option and it contains a command-line argument with an embedded space character. The scripts that run bro were splitting this argument (even if it was correctly quoted in broctl.cfg). For example, this will now work as expected: broargs = --filter 'not ip6' -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From jira at bro-tracker.atlassian.net Mon Sep 23 13:10:04 2013 From: jira at bro-tracker.atlassian.net (Daniel Thayer (JIRA)) Date: Mon, 23 Sep 2013 15:10:04 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1084) topic/dnthayer/broargs In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Thayer updated BIT-1084: ------------------------------- Status: Merge Request (was: Open) > topic/dnthayer/broargs > ---------------------- > > Key: BIT-1084 > URL: https://bro-tracker.atlassian.net/browse/BIT-1084 > Project: Bro Issue Tracker > Issue Type: Problem > Components: BroControl > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes a bug that occurs when someone uses the "broargs" > broctl option and it contains a command-line argument with an embedded > space character. The scripts that run bro were splitting this argument > (even if it was correctly quoted in broctl.cfg). For example, this > will now work as expected: > broargs = --filter 'not ip6' -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From jira at bro-tracker.atlassian.net Mon Sep 23 20:30:04 2013 From: jira at bro-tracker.atlassian.net (Robin Sommer (JIRA)) Date: Mon, 23 Sep 2013 22:30:04 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1084) topic/dnthayer/broargs In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1084: ------------------------------ Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) > topic/dnthayer/broargs > ---------------------- > > Key: BIT-1084 > URL: https://bro-tracker.atlassian.net/browse/BIT-1084 > Project: Bro Issue Tracker > Issue Type: Problem > Components: BroControl > Reporter: Daniel Thayer > Fix For: 2.2 > > > This branch fixes a bug that occurs when someone uses the "broargs" > broctl option and it contains a command-line argument with an embedded > space character. The scripts that run bro were splitting this argument > (even if it was correctly quoted in broctl.cfg). For example, this > will now work as expected: > broargs = --filter 'not ip6' -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From noreply at bro.org Tue Sep 24 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Tue, 24 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309240700.r8O70CDm017816@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/pull/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Wed Sep 25 00:00:11 2013 From: noreply at bro.org (Merge Tracker) Date: Wed, 25 Sep 2013 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309250700.r8P70B7L028941@bro-ids.icir.org> Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [1] broccoli dcode [2] 2013-08-12 Updated specfile. Works under mock for EL6 [3] [1] Pull Request #1 https://github.com/bro/broccoli/pull/1 [2] dcode https://github.com/dcode [3] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Thu Sep 26 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Thu, 26 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309260700.r8Q70CoT019047@bro-ids.icir.org> Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- ------------- ---------- ------------------------------------------------------- e67dba5 [1] bro-aux Daniel Thayer 2013-09-25 Don't show error message in bro-cut when gawk not found Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [2] broccoli dcode [3] 2013-08-12 Updated specfile. Works under mock for EL6 [4] [1] e67dba5 https://github.com/bro/bro-aux/commit/e67dba513f920e8e2f0e031d50c364cda6106e59 [2] Pull Request #1 https://github.com/bro/broccoli/pull/1 [3] dcode https://github.com/dcode [4] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From seth at icir.org Thu Sep 26 13:06:25 2013 From: seth at icir.org (Seth Hall) Date: Thu, 26 Sep 2013 16:06:25 -0400 Subject: [Bro-Dev] functions truly as globals? Message-ID: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> At scriptland, when we define function prototypes we define them as globals but they seem to be turned into consts in the core. Does it make sense to actually make them globals? It would allow me to do runtime monkey patching? which I'm not saying I'd ever do (wink, wink). But it would make runtime instrumentation and measurement significantly easier for some things. Here's an example of what I'd like to be able to do? global some_func: function(): string; function some_func(): string { return "Original function"; } function my_func(): string { return "monkey patched!"; } event bro_init() { some_func = my_func; some_func(); } Hopefully this would print "monkey patched!". Are there any conceptually any major problems with doing this? We should still be able to do parse time typing correctly in this case too I believe. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130926/7c3ae613/attachment.bin From robin at icir.org Thu Sep 26 15:34:55 2013 From: robin at icir.org (Robin Sommer) Date: Thu, 26 Sep 2013 15:34:55 -0700 Subject: [Bro-Dev] functions truly as globals? In-Reply-To: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> References: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> Message-ID: <20130926223455.GQ48087@icir.org> On Thu, Sep 26, 2013 at 16:06 -0400, you wrote: > some_func = my_func; Please, no ... That's not only hurting readability profoundly but also prevents function-level code optimization. Just imagine the impact once we start compiling scripts ... Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From seth at icir.org Thu Sep 26 19:16:58 2013 From: seth at icir.org (Seth Hall) Date: Thu, 26 Sep 2013 22:16:58 -0400 Subject: [Bro-Dev] functions truly as globals? In-Reply-To: <20130926223455.GQ48087@icir.org> References: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> <20130926223455.GQ48087@icir.org> Message-ID: <5A8DE07E-4C1A-4666-91BB-C2A686DC8A51@icir.org> On Sep 26, 2013, at 6:34 PM, Robin Sommer wrote: > Please, no ... That's not only hurting readability profoundly but also > prevents function-level code optimization. Just imagine the impact > once we start compiling scripts ... Cool, I agree. I just had to make sure. :) .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130926/584a7934/attachment.bin From noreply at bro.org Fri Sep 27 00:00:12 2013 From: noreply at bro.org (Merge Tracker) Date: Fri, 27 Sep 2013 00:00:12 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309270700.r8R70CIk022158@bro-ids.icir.org> Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- ------------- ---------- ------------------------------------------------------- e67dba5 [1] bro-aux Daniel Thayer 2013-09-25 Don't show error message in bro-cut when gawk not found 97503da [2] bro Daniel Thayer 2013-09-26 Fix a "make doc" warning Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [3] broccoli dcode [4] 2013-08-12 Updated specfile. Works under mock for EL6 [5] [1] e67dba5 https://github.com/bro/bro-aux/commit/e67dba513f920e8e2f0e031d50c364cda6106e59 [2] 97503da https://github.com/bro/bro/commit/97503dafe509e512fc24d65050d9e1e3445e09d0 [3] Pull Request #1 https://github.com/bro/broccoli/pull/1 [4] dcode https://github.com/dcode [5] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From jira at bro-tracker.atlassian.net Fri Sep 27 09:06:05 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Fri, 27 Sep 2013 11:06:05 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1085) topic/jsiwek/coverity In-Reply-To: References: Message-ID: Jon Siwek created BIT-1085: ------------------------------ Summary: topic/jsiwek/coverity Key: BIT-1085 URL: https://bro-tracker.atlassian.net/browse/BIT-1085 Project: Bro Issue Tracker Issue Type: Improvement Components: BinPAC, Bro, Broccoli, broccoli-python, pysubnettree Affects Versions: git/master Reporter: Jon Siwek Assignee: Robin Sommer Fix For: 2.2 This branch is in bro, pysubnettree, broccoli, broccoli-python, and binpac repos and fixes various defects reported by Coverity. I can't remember any of great significance. There were mostly two categories: * issues that are unlikely to be exercised, but could cause a modest problem (though there's often bigger issues if those code paths were ever taken...) * issues that are likely to be exercised, but haven't posed much of a problem (logically or empirically) I'd say just merge it in before the 2.2 release, but cherry-picking or postponing altogether also seem ok. -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From jira at bro-tracker.atlassian.net Fri Sep 27 09:06:05 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Fri, 27 Sep 2013 11:06:05 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1085) topic/jsiwek/coverity In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1085: --------------------------- Status: Merge Request (was: Open) > topic/jsiwek/coverity > --------------------- > > Key: BIT-1085 > URL: https://bro-tracker.atlassian.net/browse/BIT-1085 > Project: Bro Issue Tracker > Issue Type: Improvement > Components: BinPAC, Bro, Broccoli, broccoli-python, pysubnettree > Affects Versions: git/master > Reporter: Jon Siwek > Assignee: Robin Sommer > Fix For: 2.2 > > > This branch is in bro, pysubnettree, broccoli, broccoli-python, and binpac repos and fixes various defects reported by Coverity. > I can't remember any of great significance. There were mostly two categories: > * issues that are unlikely to be exercised, but could cause a modest problem (though there's often bigger issues if those code paths were ever taken...) > * issues that are likely to be exercised, but haven't posed much of a problem (logically or empirically) > I'd say just merge it in before the 2.2 release, but cherry-picking or postponing altogether also seem ok. -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144) From jsiwek at illinois.edu Fri Sep 27 13:28:20 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Fri, 27 Sep 2013 20:28:20 +0000 Subject: [Bro-Dev] functions truly as globals? In-Reply-To: <20130926223455.GQ48087@icir.org> References: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> <20130926223455.GQ48087@icir.org> Message-ID: >> some_func = my_func; > > Please, no ... That's not only hurting readability profoundly but also > prevents function-level code optimization. Just imagine the impact > once we start compiling scripts ... Doesn't readability improve if it makes functions behave in a way more consistent w/ other data types? E.g. if you don't want a value to change at run-time, use the "const" modifier, but if you do, use "local" or "global" depending on what scope is appropriate (though actually using the later with that intention isn't recommended or whatever we want to do/say about it). Right now, the rules for whether you can assign to a variable of function type at run time are a bit dicey. I think you can always assign a function value if it's "local". And you can actually assign to a "global" only if it doesn't already have a value (a function body/definition). Most people probably don't encounter these, but I do think it is jarring. Changing most/all existing "global" function declarations to use "const" instead would help some, but what about the other inconsistencies? - Jon From seth at icir.org Fri Sep 27 13:38:54 2013 From: seth at icir.org (Seth Hall) Date: Fri, 27 Sep 2013 16:38:54 -0400 Subject: [Bro-Dev] functions truly as globals? In-Reply-To: References: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> <20130926223455.GQ48087@icir.org> Message-ID: On Sep 27, 2013, at 4:28 PM, "Siwek, Jonathan Luke" wrote: > Changing most/all existing "global" function declarations to use "const" instead would help some, but what about the other inconsistencies? I think that in addition to changing those to const we'd change Bro to not accept creating "global" functions. Are there other inconsistencies? .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 495 bytes Desc: Message signed with OpenPGP using GPGMail Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20130927/37812790/attachment.bin From noreply at bro.org Sat Sep 28 00:00:14 2013 From: noreply at bro.org (Merge Tracker) Date: Sat, 28 Sep 2013 00:00:14 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309280700.r8S70EI5009634@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ------------------------------------------------ ---------- ------------ ---------- ------------- ---------- ------------------------- BIT-1085 [1] BinPAC,Bro,Broccoli,broccoli-python,pysubnettree Jon Siwek Robin Sommer 2013-09-27 2.2 Normal topic/jsiwek/coverity [2] Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- ------------- ---------- ------------------------------------------------------- e67dba5 [3] bro-aux Daniel Thayer 2013-09-25 Don't show error message in bro-cut when gawk not found 97503da [4] bro Daniel Thayer 2013-09-26 Fix a "make doc" warning Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [5] broccoli dcode [6] 2013-09-28 Updated specfile. Works under mock for EL6 [7] [1] BIT-1085 https://bro-tracker.atlassian.net/browse/BIT-1085 [2] coverity https://github.com/bro/binpac,bro,broccoli,broccoli-python,pysubnettree/tree/topic/jsiwek/coverity [3] e67dba5 https://github.com/bro/bro-aux/commit/e67dba513f920e8e2f0e031d50c364cda6106e59 [4] 97503da https://github.com/bro/bro/commit/97503dafe509e512fc24d65050d9e1e3445e09d0 [5] Pull Request #1 https://github.com/bro/broccoli/pull/1 [6] dcode https://github.com/dcode [7] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From noreply at bro.org Sun Sep 29 00:00:11 2013 From: noreply at bro.org (Merge Tracker) Date: Sun, 29 Sep 2013 00:00:11 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309290700.r8T70BKo002613@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ------------------------------------------------ ---------- ------------ ---------- ------------- ---------- ------------------------- BIT-1085 [1] BinPAC,Bro,Broccoli,broccoli-python,pysubnettree Jon Siwek Robin Sommer 2013-09-27 2.2 Normal topic/jsiwek/coverity [2] Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [3] broccoli dcode [4] 2013-09-28 Updated specfile. Works under mock for EL6 [5] [1] BIT-1085 https://bro-tracker.atlassian.net/browse/BIT-1085 [2] coverity https://github.com/bro/binpac,bro,broccoli,broccoli-python,pysubnettree/tree/topic/jsiwek/coverity [3] Pull Request #1 https://github.com/bro/broccoli/pull/1 [4] dcode https://github.com/dcode [5] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From vern at icir.org Sun Sep 29 20:07:12 2013 From: vern at icir.org (Vern Paxson) Date: Sun, 29 Sep 2013 20:07:12 -0700 Subject: [Bro-Dev] doc/install/CHANGES-bro.txt Message-ID: <20130930030712.0DD842C4014@rock.ICSI.Berkeley.EDU> Is it a bug or a feature in the 2.2 beta that this file stops off in the middle (well, actually near the top) of the 0.9a2 CHANGES items? Vern From vern at icir.org Sun Sep 29 21:25:19 2013 From: vern at icir.org (Vern Paxson) Date: Sun, 29 Sep 2013 21:25:19 -0700 Subject: [Bro-Dev] doc/install/CHANGES-bro.txt In-Reply-To: <20130930030712.0DD842C4014@rock.ICSI.Berkeley.EDU> (Sun, 29 Sep 2013 20:07:12 PDT). Message-ID: <20130930042519.B72BA2C4014@rock.ICSI.Berkeley.EDU> > Is it a bug or a feature in the 2.2 beta that this file stops off in the > middle (well, actually near the top) of the 0.9a2 CHANGES items? Hmmm, part of the problem is that the top-level CHANGES file has two copies of many changes in it. At line 10466 the changes starting at 2.1-826 repeat. Vern From noreply at bro.org Mon Sep 30 00:00:17 2013 From: noreply at bro.org (Merge Tracker) Date: Mon, 30 Sep 2013 00:00:17 -0700 Subject: [Bro-Dev] [Auto] Merge Status Message-ID: <201309300700.r8U70Hlr012049@bro-ids.icir.org> Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ------------------------------------------------ ---------- ------------ ---------- ------------- ---------- ------------------------- BIT-1085 [1] BinPAC,Bro,Broccoli,broccoli-python,pysubnettree Jon Siwek Robin Sommer 2013-09-27 2.2 Normal topic/jsiwek/coverity [2] Open GitHub Pull Requests ========================= Issue Component User Updated Title ------- ----------- --------- ---------- ---------------------------------------------- #1 [3] broccoli dcode [4] 2013-09-28 Updated specfile. Works under mock for EL6 [5] [1] BIT-1085 https://bro-tracker.atlassian.net/browse/BIT-1085 [2] coverity https://github.com/bro/binpac,bro,broccoli,broccoli-python,pysubnettree/tree/topic/jsiwek/coverity [3] Pull Request #1 https://github.com/bro/broccoli/pull/1 [4] dcode https://github.com/dcode [5] Merge Pull Request #1 with git pull https://github.com/dcode/broccoli.git master From robin at icir.org Mon Sep 30 05:01:20 2013 From: robin at icir.org (Robin Sommer) Date: Mon, 30 Sep 2013 05:01:20 -0700 Subject: [Bro-Dev] doc/install/CHANGES-bro.txt In-Reply-To: <20130930042519.B72BA2C4014@rock.ICSI.Berkeley.EDU> References: <20130930030712.0DD842C4014@rock.ICSI.Berkeley.EDU> <20130930042519.B72BA2C4014@rock.ICSI.Berkeley.EDU> Message-ID: <20130930120120.GA57016@icir.org> On Sun, Sep 29, 2013 at 21:25 -0700, you wrote: > Hmmm, part of the problem is that the top-level CHANGES file has two copies > of many changes in it. At line 10466 the changes starting at 2.1-826 repeat. That must have gotten mixed up at some point. I'll put it on the list to fix for the release. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin From jsiwek at illinois.edu Mon Sep 30 08:04:00 2013 From: jsiwek at illinois.edu (Siwek, Jonathan Luke) Date: Mon, 30 Sep 2013 15:04:00 +0000 Subject: [Bro-Dev] functions truly as globals? In-Reply-To: References: <3A9CE25B-9976-43A3-9C99-206724620C80@icir.org> <20130926223455.GQ48087@icir.org> Message-ID: > I think that in addition to changing those to const we'd change Bro to not accept creating "global" functions. You still effectively have global functions if you have a global record w/ a field that is of function type. Do we do something about that? > Are there other inconsistencies? I think more limitations and the current implicit "const" are adding inconsistency and complexity (which comes with more opportunities to bypass in unintended ways). So I'm trying to understand how immutable do function values have to be. The actions I think increase consistency are: 1) change most/all "global" function decls in scripts shipped w/ Bro to explicitly use "const" 2) remove the implicit "const" from "global" functions These should both be easy tasks, but are they actually enough to allow desired optimizations in the compiled-context? What I didn't get from Robin's comment was if the problem is in what the language *allows* regarding function mutability or in the common *usage* of functions in current scripts? - Jon From jira at bro-tracker.atlassian.net Mon Sep 30 08:50:29 2013 From: jira at bro-tracker.atlassian.net (Jon Siwek (JIRA)) Date: Mon, 30 Sep 2013 10:50:29 -0500 (CDT) Subject: [Bro-Dev] [JIRA] (BIT-1053) Update RPM spec file for Broccoli In-Reply-To: References: Message-ID: [ https://bro-tracker.atlassian.net/browse/BIT-1053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1053: --------------------------- Resolution: Fixed Status: Closed (was: Open) > Update RPM spec file for Broccoli > --------------------------------- > > Key: BIT-1053 > URL: https://bro-tracker.atlassian.net/browse/BIT-1053 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Broccoli > Affects Versions: git/master > Environment: EL6 platforms > Reporter: Derek Ditch > Assignee: Jon Siwek > Labels: cleanup, packaging > > I updated the spec file for the Broccoli module in order to be able to run automated builds with mock. The spec file now passes the rpmlint tests and successfully compiles and packages broccoli (with python) on EL6 platforms. This should also work for Fedora, though I haven't ran that build yet. > Things to do: > - split out language bindings to separate packages > - Fix configure scripts/cmake interface to accept standard variables for building; this enable use of the %cmake or %configure macros > See my pull request on GitHub: https://github.com/bro/broccoli/pull/1 -- This message was sent by Atlassian JIRA (v6.1-OD-09-WN#6144)