[Bro-Dev] [JIRA] (BIT-1475) Exec::Run does not complete

Aaron (JIRA) jira at bro-tracker.atlassian.net
Mon Sep 14 14:43:00 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22101#comment-22101 ] 

Aaron commented on BIT-1475:
----------------------------

Hi Johanna, you are right, I double checked my own example and it does work--apparently I had simplified it too much so that the behavior isn't observable anymore. The actual setup is a lot more specific. I'm actually invoking a python script. 

I've tried to narrow down where in the python things get locked up, but I could find no discernible pattern, in fact after I threw out enough code it went from "never prints the output" to "sometimes prints it and sometimes does not".  I'm sending my bro script and the python code-- I apologize for not being able to find an absolute minimal example. 

 [^bro.tar.gz] 

With this code, if you run "bro t1.bro" I would expect you to see my python output (the name of a file passed to it from bro). If you run "bro -r my.pcap t1.bro" I would expect you to never see any output related to the script.  Included is the same pcap I'm using but I don't think the file itself has anything to do with  the problem because, in this example, I'm not even looking at it, I'm just putting everything in bro_init.

Is there some kind of timeout where if the process takes too long bro just forgets about it? The code is really not doing anything; perhaps all those nested python imports is taking too much time.

Bro is version 2.3.1.


> Exec::Run does not complete
> ---------------------------
>
>                 Key: BIT-1475
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1475
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: Centos 6.6
>            Reporter: Aaron
>              Labels: hang
>         Attachments: bro.tar.gz
>
>
> I'm having trouble running an external  program in the callback function for an event when processing a pcap file.  It seems to work in bro_init, however, which confuses me. 
> The working file will print out the output of the "ls" command, whereas the not-working file will not print out anything no matter how long I wait.
> Specifically here I want to use the event when bro detects a file in the pcap.
> working.bro (ran as simply "bro working.bro"):
> {code:java}
> @load base/utils/exec
> redef exit_only_after_terminate=T;
> event bro_init()
> {
>         local t= "ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
> }
> {code}
> notworking.bro (ran as bro -r my.pcap notworking.bro:
> {code:java}
> @load base/utils/exec
> @load base/frameworks/files
> @load base/frameworks/notice
> redef exit_only_after_terminate=T;
> event file_new(f: fa_file)
>     {
>         local t ="ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-05-005#70102)

More information about the bro-dev mailing list