[Bro-Dev] DNS fix (Re: [Bro-Commits] [git/bro] master: Updating CHANGES and VERSION.) (e24f3f5)

Robin Sommer robin at icir.org
Tue Apr 22 21:41:05 PDT 2014 

I messed up the commit message here. This was supposed to be this:

    Fix duplicate DNS log entries.

    An earlier change to clear state didn't have the intended effect;
    fixed by using a bif instead.

    Without this fix it could still happen that DNS entries got logged
    multiple times, I saw a case where dns.log grew by a factor of
    more than 10. I guess this might also have caused some of the
    trouble with logging on the manager, just by nature of the
    additional volume.


In fact, I'm wondering if this could explain memory trouble as well.
Does this help with worker problems by any chance?

Robin

On Tue, Apr 22, 2014 at 21:43 -0700, I wrote:

> Repository : ssh://git@bro-ids.icir.org/bro
> 
> On branch  : master
> Link       : https://github.com/bro/bro/commit/e24f3f5fd514832ecb26c9b606b9dbfed56792f2
> 
> >---------------------------------------------------------------
> 
> commit e24f3f5fd514832ecb26c9b606b9dbfed56792f2
> Author: Robin Sommer <robin at icir.org>
> Date:   Tue Apr 22 16:32:22 2014 -0700
> 
>     Updating CHANGES and VERSION.
> 
> 
> >---------------------------------------------------------------
> 
> e24f3f5fd514832ecb26c9b606b9dbfed56792f2
>  CHANGES                             | 4 ++++
>  aux/broctl                          | 2 +-
>  scripts/base/protocols/dns/main.bro | 2 +-
>  3 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/CHANGES b/CHANGES
> index d91a2e4..aad4732 100644
> --- a/CHANGES
> +++ b/CHANGES
> @@ -1,4 +1,8 @@
>  
> +2.2-341 | 2014-04-17 18:01:41 -0500
> +
> +  * Fix duplicate DNS log entries. (Robin Sommer)
> +
>  2.2-341 | 2014-04-17 18:01:01 -0500
>  
>    * Refactor initialization of ASCII log writer options. (Jon Siwek)
> diff --git a/aux/broctl b/aux/broctl
> index d991508..f249570 160000
> --- a/aux/broctl
> +++ b/aux/broctl
> @@ -1 +1 @@
> -Subproject commit d99150801b7844e082b5421d1efe4050702d350e
> +Subproject commit f249570e3fb4c83e532cc0813786f0ff60c4dea9
> diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
> index fe371de..d728060 100644
> --- a/scripts/base/protocols/dns/main.bro
> +++ b/scripts/base/protocols/dns/main.bro
> @@ -183,7 +183,7 @@ function log_unmatched_msgs(msgs: PendingMessages)
>  	for ( trans_id in msgs )
>  		log_unmatched_msgs_queue(msgs[trans_id]);
>  
> -	msgs = PendingMessages();
> +	clear_table(msgs);
>  	}
>  
>  function enqueue_new_msg(msgs: PendingMessages, id: count, msg: Info)
> 
> _______________________________________________
> bro-commits mailing list
> bro-commits at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
> 


-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin

More information about the bro-dev mailing list