[Bro-Dev] [JIRA] (BIT-1475) Exec::Run does not complete

Aaron (JIRA) jira at bro-tracker.atlassian.net
Mon Sep 14 14:50:00 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22101#comment-22101 ] 

Aaron edited comment on BIT-1475 at 9/14/15 4:49 PM:
-----------------------------------------------------

Hi Johanna, you are right, I double checked my own example and it does work--apparently I had simplified it too much so that the behavior isn't observable anymore. The actual setup is a lot more specific. I'm actually invoking a python script. 

I've tried to narrow down where in the python things get locked up, but I could find no discernible pattern, in fact after I threw out enough code it went from "never prints the output" to "sometimes prints it and sometimes does not".  I'm sending my bro script and the python code-- I apologize for not being able to find an absolute minimal example. 

 [^bro.tar.gz] 

With this code, if you run "bro t1.bro" I would expect you to see my python output (the name of a file passed to it from bro). If you run "bro -r my.pcap t1.bro" I would expect you to never see any output related to the script.  Included is the same pcap I'm using but I don't think the file itself has anything to do with  the problem because, in this example, I'm not even looking at it, I'm just putting everything in bro_init.

Is there some kind of timeout where if the process takes too long bro just forgets about it? The code is really not doing anything; perhaps all those nested python imports is taking too much time.

Bro is version 2.3.1.

Edit: sorry again, you will have to adjust the path to the python script mentioned in t1.bro as it is the full path. Just change the path to the dir in which you extract everything (it wants to run "check-macros.py" which must be in the same dir as all its libraries).




was (Author: ajmills):
Hi Johanna, you are right, I double checked my own example and it does work--apparently I had simplified it too much so that the behavior isn't observable anymore. The actual setup is a lot more specific. I'm actually invoking a python script. 

I've tried to narrow down where in the python things get locked up, but I could find no discernible pattern, in fact after I threw out enough code it went from "never prints the output" to "sometimes prints it and sometimes does not".  I'm sending my bro script and the python code-- I apologize for not being able to find an absolute minimal example. 

 [^bro.tar.gz] 

With this code, if you run "bro t1.bro" I would expect you to see my python output (the name of a file passed to it from bro). If you run "bro -r my.pcap t1.bro" I would expect you to never see any output related to the script.  Included is the same pcap I'm using but I don't think the file itself has anything to do with  the problem because, in this example, I'm not even looking at it, I'm just putting everything in bro_init.

Is there some kind of timeout where if the process takes too long bro just forgets about it? The code is really not doing anything; perhaps all those nested python imports is taking too much time.

Bro is version 2.3.1.


> Exec::Run does not complete
> ---------------------------
>
>                 Key: BIT-1475
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1475
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: Centos 6.6
>            Reporter: Aaron
>              Labels: hang
>         Attachments: bro.tar.gz
>
>
> I'm having trouble running an external  program in the callback function for an event when processing a pcap file.  It seems to work in bro_init, however, which confuses me. 
> The working file will print out the output of the "ls" command, whereas the not-working file will not print out anything no matter how long I wait.
> Specifically here I want to use the event when bro detects a file in the pcap.
> working.bro (ran as simply "bro working.bro"):
> {code:java}
> @load base/utils/exec
> redef exit_only_after_terminate=T;
> event bro_init()
> {
>         local t= "ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
> }
> {code}
> notworking.bro (ran as bro -r my.pcap notworking.bro:
> {code:java}
> @load base/utils/exec
> @load base/frameworks/files
> @load base/frameworks/notice
> redef exit_only_after_terminate=T;
> event file_new(f: fa_file)
>     {
>         local t ="ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-05-005#70102)

More information about the bro-dev mailing list